Prämisse

In this video walk-through, we covered OWASP ZAP web application vulnerability scanner to perform vulnerability scanning on a lab environment provided by TryHackMe as part of TryHackMe Introduction to OWASP ZAP room.

Raumeinführung

Learn how to use OWASP ZAP from the ground up. An alternative to BurpSuite. OWASP Zap is a security testing framework much like Burp Suite. It acts as a very robust enumeration tool. It’s used to test web applications.

Holen Sie sich Hinweise zum OSCP-Zertifikat

Der komplette praktische Kurs zum Penetrationstest von Webanwendungen

Benefits of using OWASP ZAP

  • Automated Web Application Scan: This will automatically passively and actively scan a web application, build a sitemap, and discover vulnerabilities. This is a paid feature in Burp.
  • Web Spidering: You can passively build a website map with Spidering. This is a paid feature in Burp.
  • Unthrottled Intruder: You can bruteforce login pages within OWASP as fast as your machine and the web-server can handle. This is a paid feature in Burp.
  • No need to forward individual requests through Burp: When doing manual attacks, having to change windows to send a request through the browser, and then forward in burp, can be tedious. OWASP handles both and you can just browse the site and OWASP will intercept automatically. This is NOT a feature in Burp.

Raumantworten

What does ZAP stand for?

What IP do we use for the proxy?

Use ZAP to bruteforce the DVWA ‘brute-force’ page. What’s the password?

Video-Anleitung

 

,
Anmerkungen anzeigen

Motasem

Über den Autor

Ich erstelle Notizen zur Cybersicherheit, Notizen zum digitalen Marketing und Online-Kurse. Ich biete auch Beratung zum digitalen Marketing an, einschließlich, aber nicht beschränkt auf SEO, Google- und Meta-Anzeigen und CRM-Verwaltung.

Artikel anzeigen