ZAP tool to perform security testing
Hi, guys!
We have found this tool (ZAP) very useful for security testing of web applications and want to share this information with you.
First of all, it is free and open source software. It is also one of the most active projects of OWASP.
Here are the links to the ZAP web site and to the ZAP project on GitHub.
What does ZAP do?
- HTTP active and passive scanning
- WebSockets passive scanning
- SQL Injection active scanning
- DOM XSS active scanning
- Image location and privacy scanning
They also have the ZAP Marketplace, with add-ons written by the ZAP team and the community.
Here is a very useful link to a YouTube ZAP tutorial by Simon Bennetts.
Have you used ZAP or other tools (like BurpSuite) for security testing?
Can you share your experience with us?
Published: 5 years ago by QAProvider Team
Comments
Dmitry
at 2020-03-07 14:52:56
Tom
at 2020-03-09 13:42:45
Here is a list of security testing tools:
- Needle
- Tamper Chrome
- Nishang
- Taipan
- Archery
- Metasploit Framework
- Pocsuite
- Faraday
- Exercise in a Box
- Knock Subdomain Scan
- IronWASP
- Google Nogotofail
- Ettercap
- Nmap
- Acunetix
- Burp Suite
- Sboxr
- OWASP Zed Attack Proxy (listed in this article)
As a web developer I would recommend another approach: using code analysis tools.
Such tools can be used by developers in their IDE while developing, or can be run from the CI process after every commit.
For example, I use the RIPS Security Analysis plugin with my IDE. It helps me a lot.
Sometimes it happens even to professional developers: you can forget to think about security while writing your code. A plugin like that will simply show you the weak places in your code.
For junior developers it is a must-have tool. It is not only about the weak places in the code; it is about growing your professional knowledge faster and deeper.
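Tying the original post (ZAP scanning) to the suggestion above of running tools from CI after every commit, here is an added example, not code from the thread or from the ZAP project, of a CI gate that fails the build when a ZAP JSON report contains alerts at or above a chosen risk level. It assumes the layout of ZAP's traditional JSON report (a top-level "site" list whose entries hold an "alerts" list with "riskcode", "alert" and "instances" fields) and the 0-3 risk code mapping; the sample report embedded below is constructed for illustration.

```python
"""Fail a CI build when a ZAP scan report contains alerts at or above a risk threshold.

Assumed report layout: top-level "site" list, each site with an "alerts" list whose
entries carry "riskcode", "alert" and "instances" (ZAP's traditional JSON report).
"""
import json

# Assumed ZAP risk code mapping: 0 = Informational, 1 = Low, 2 = Medium, 3 = High
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample that mimics a ZAP JSON report; host and findings are made up.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
             "instances": [{"uri": "http://app.example.test/", "method": "GET"}]},
            {"alert": "SQL Injection", "riskcode": "3",
             "instances": [{"uri": "http://app.example.test/search?q=1", "method": "GET"}]},
        ],
    }],
})


def alerts_at_or_above(report_json, min_risk):
    """Return (alert name, risk code, uri) tuples for alerts with riskcode >= min_risk."""
    report = json.loads(report_json)
    findings = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            if risk < min_risk:
                continue
            # An alert without instances still counts once, with an empty URI.
            for inst in alert.get("instances") or [{}]:
                findings.append((alert.get("alert", "?"), risk, inst.get("uri", "")))
    return findings


def ci_exit_code(report_json, min_risk=2):
    """Return 0 when the build may pass, 1 when blocking findings exist; prints a summary."""
    findings = alerts_at_or_above(report_json, min_risk)
    for name, risk, uri in findings:
        print(f"[{RISK_NAMES.get(risk, risk)}] {name} at {uri}")
    return 1 if findings else 0


if __name__ == "__main__":
    import sys
    sys.exit(ci_exit_code(SAMPLE_REPORT))
```

In a pipeline the script would read the report file written by the scan step instead of the embedded sample, and its exit status decides whether the job fails.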