Projects/OWASP Zed Attack Proxy Project/Pages/Talks
2014 October 16: Skills Matter eXchange, London: Bill Matthews: Security Testing with OWASP ZAP: from zero to hero
More and more Security Testing is becoming part of the tester’s role and so we need to equip ourselves with the knowledge and tools to take on this challenge.
A good tool for beginners and experienced security testers is the OWASP ZAP tool (voted best security tool 2013 by toolswatch.org) so in this session we will be using the OWASP ZAP tool to conduct a security test against a deliberately vulnerable web application through a series of guided exercises that will take you from knowing little or nothing about ZAP or security testing and give you a grounding in using ZAP for Security Testing that is beyond the majority of other ZAP users.
2014 October 16-17: Black Hat Arsenal, Amsterdam: Zakaria Rachid: OWASP ZAP
The Zed Attack Proxy (ZAP) is currently the most active open source web application security tool and competes effectively with commercial tools.
While it is an ideal tool for people new to appsec, it also has many features specifically intended for advanced penetration testing.
Zack will give a quick introduction to ZAP and then dive into the more advanced features, presenting some useful scripts as well as giving an overview of where its heading.
2014 November 11: Agile Testing Days, Potsdam, Germany: Bill Matthews: Security Testing in an Agile Context
With each iteration producing a potentially deployable release, testing on an Agile project needs to cover a broad range of tests is a short period of time. All too often, Security Testing is one of those areas that is omitted due to a lack of experience and understanding of how to approach Security in an Agile context.
In this talk, we will look at key principles that can allow us to integrate security testing into each iteration. We will start with looking at Threat Modelling as a means to understand what is important to test before moving onto methods for generating test ideas. We will then examine ideas of how to implement these checks/tests and how they can be integrated into your current testing practices.
Bill will be covering a bit about ZAP as part of this talk :)