This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ZAPpingTheTop10-2013"
m |
|||
Line 7: | Line 7: | ||
<table class="wikitable"> | <table class="wikitable"> | ||
− | <tr><td style="border: 1px solid #ccc; padding: 5px;"> <font size="5"> </font> </td><td style="border: 1px solid #ccc; padding: 5px;"> <font size="5"> Common | + | <tr><td style="border: 1px solid #ccc; padding: 5px;"> <font size="5"> </font> </td><td style="border: 1px solid #ccc; padding: 5px;"> <font size="5"> Common Components </font> </td></tr> |
<tr><td style="border: 1px solid #ccc; padding: 5px;"> </td><td style="border: 1px solid #ccc; padding: 5px;"> The 'common components' can be used for pretty much everything, so can be used to help detect all of the Top 10 </td></tr> | <tr><td style="border: 1px solid #ccc; padding: 5px;"> </td><td style="border: 1px solid #ccc; padding: 5px;"> The 'common components' can be used for pretty much everything, so can be used to help detect all of the Top 10 </td></tr> | ||
<tr><td style="border: 1px solid #ccc; padding: 5px;"> Manual </td><td style="border: 1px solid #ccc; padding: 5px;"> [https://code.google.com/p/zaproxy/wiki/HelpStartConceptsIntercept Intercepting proxy] </td></tr> | <tr><td style="border: 1px solid #ccc; padding: 5px;"> Manual </td><td style="border: 1px solid #ccc; padding: 5px;"> [https://code.google.com/p/zaproxy/wiki/HelpStartConceptsIntercept Intercepting proxy] </td></tr> |
Revision as of 14:43, 28 August 2014
ZAPping the OWASP Top 10
This document gives an overview of the automatic and manual components provided by the OWASP Zed Attack Proxy Project (ZAP) that are recommended for testing each of the OWASP Top Ten Project 2013 risks.
Note that the OWASP Top Ten Project risks cover a wide range of underlying vulnerabilities, some of which are not really possible to test for in a completely automated way. If a completely automated tool claims to protect you against the full OWASP Top Ten then you can be sure they are being ‘economical with the truth’!
A printable (pdf) version of this document is also available: ZAPpingTheOwaspTop10.pdf
The component links take you to the relevant places in an online version of the ZAP User Guide from which you can learn more.
‘Manage add-ons’ button on the ZAP main toolbar.