zap | The Blog Pros

June 11, 2019

Automate ZAP Security Tests With Selenium Webdriver

OWASP ZAP (Zed Attack Proxy) is an open-source and easy-to-use penetration testing tool for finding security vulnerabilities in the web applications and APIs. As a cross-platform tool with just a basic Java installation pre-requisite, it provides vulnerability scanning for beginners and penetration testing for professionals. It can be downloaded and installed as a standalone application or Docker image.

Additionally, the OWASP community has exposed ZAP APIs, which allows ZAPs to integrate with other tools/frameworks.

February 1, 2019

The Magic Behind Burp, ZAP, and Other Proxies

If you build web applications and care about security, you have probably used the Burp and ZAP proxy security tools. These tools perform dynamic analysis of live web applications to identify security vulnerabilities. Burp and ZAP can discover issues with your applications as you navigate through them via a browser. Essentially, it was configured as the "man in the middle" and was able to intercept all traffic between your browser and web application. Have you ever wondered how it is possible to intercept encrypted traffic over https? This article explains how it is done and provides a basic framework for creating your own proxy software.

To get started with Burp and ZAP (from now on, I'll refer to these as simply the "proxy"), you have to decide what port you want the proxy to listen on and configure your browser to use that port as a proxy. In Firefox, to use port 9000, your configuration might look like the following:

Cybersecurity path
In Networking
Does Anyone know how a beginner like me in tech can start learning cyber security or starting a career in cyber engineering? […]
Build an Advanced RAG App: Query Rewriting
No categories
In the last article, I established the basic architecture for a basic RAG app. In case you missed that, I recommend that you first read that article. That will set the base from which we can improve our RAG system. Also in that last article, I listed s... […]
Extracting YouTube Channel Statistics in Python Using YouTube Data API
In Computer Science
Are you interested in finding out what a YouTube channel mostly discusses? Do you want to analyze YouTube videos of a specific channel? If yes, we are in the same boat. YouTube video titles are a great way to determine the channel's primary focus. Plotting a word cloud or a ... […]
Contexts in Go: A Comprehensive Guide
No categories
Contexts in Go provide a standard way to pass metadata and control signals between goroutines. They are mainly used to manage task execution time, data passing, and operation cancellation. This article covers different types of contexts in Go and examp... […]
Next-Gen Lie Detector: Stack Selection
No categories
The first lie detector which relied on eye movement appeared in 2014. The Converus team together with Dr. John C. Kircher, Dr. David C. Raskin, and Dr. Anne Cook launched EyeDetect — a brand-new solution to detect deception quickly and accurately. This... […]