Premise
In this video walk-through, we covered the OWASP ZAP web application vulnerability scanner and used it to perform vulnerability scanning on a lab environment provided by TryHackMe as part of the TryHackMe Introduction to OWASP ZAP room.
Room Introduction
Learn how to use OWASP ZAP, an alternative to Burp Suite, from the ground up. OWASP ZAP is a security testing framework much like Burp Suite. It acts as a very robust enumeration tool and is used to test web applications.
Benefits of using OWASP ZAP
- Automated Web Application Scan: This automatically scans a web application, both passively and actively, builds a sitemap, and discovers vulnerabilities. This is a paid feature in Burp.
- Web Spidering: You can passively build a website map with Spidering. This is a paid feature in Burp.
- Unthrottled Intruder: You can brute-force login pages within OWASP ZAP as fast as your machine and the web server can handle. This is a paid feature in Burp.
- No need to forward individual requests through Burp: When doing manual attacks, having to change windows to send a request through the browser and then forward it in Burp can be tedious. OWASP ZAP handles both, so you can just browse the site and ZAP will intercept automatically. This is NOT a feature in Burp.
Room Answers
What does ZAP stand for?
What IP do we use for the proxy?
Use ZAP to bruteforce the DVWA ‘brute-force’ page. What’s the password?
Room link: https://tryhackme.com/room/learnowaspzap
Video Walk-through