OWASP Vulnerability scanner

By | April 17, 2017

This post is more of a note to myself so I can remember the name of this tool and how to configure it. The OWASP Zed Attack Proxy (ZAP) is an intercepting proxy that can spider a site and then actively scan it for common web vulnerabilities, including many of the classes in the OWASP Top 10. Its own checks are broader than the Top 10 list, and it can only test what it has seen, so the spider and the scan are two separate steps.

How to get started

  • Start ZAP and create a new session.
  • By default ZAP listens on localhost:8080; the same port also serves its API.
  • Configure the browser to use localhost:8080 as its proxy for both HTTP and HTTPS. For HTTPS sites, also import ZAP's root CA certificate (generated under Options > Dynamic SSL Certificates) into the browser, otherwise ZAP cannot intercept the traffic and the browser will report certificate errors.
  • Browse to the site under test and sign in through the proxied browser, so that ZAP records the authenticated session cookies.
  • Back in ZAP, the site appears in the Sites tree on the left. Right-click it and choose Include in Context > Default Context, which limits spidering and scanning to that host.
  • Now start the spider (right-click > Attack > Spider). The spider only discovers URLs; to actually test them, follow it with Attack > Active Scan. The active scan sends attack payloads to the target, so run it only against sites you are authorised to test.
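The same workflow can be driven from ZAP's JSON API instead of the GUI, which is what you want for a repeatable scan. The script below is an added example, not code from the original post or from the ZAP project: it includes the target in the default context, spiders it, runs an active scan, and summarises the resulting alerts by risk level. It assumes ZAP is already running on its default listener (localhost:8080) with an API key configured; `API_KEY` and `TARGET` are placeholders, and the alert list at the bottom is constructed sample data for an offline run. The script does not log in for you: sign in through the proxied browser first, as in the steps above, so ZAP already holds the session cookies.

```python
"""Scripted equivalent of the manual ZAP workflow: include the target in the
default context, spider it, active-scan it, then summarise the alerts.
Added example using ZAP's JSON API over plain urllib. Assumes ZAP is running
on localhost:8080 with an API key; API_KEY and TARGET are placeholders."""
import json
import re
import sys
import time
from urllib.parse import urlencode
from urllib.request import urlopen

ZAP = "http://localhost:8080"        # ZAP's default proxy/API listener
API_KEY = "change-me"                # placeholder: copy the key from ZAP's API options
TARGET = "http://testsite.example"   # placeholder: a site you are authorised to test
RISK_ORDER = ("High", "Medium", "Low", "Informational")

# Constructed sample in the shape /JSON/core/view/alerts/ returns under "alerts".
SAMPLE_ALERTS = [
    {"risk": "High", "alert": "SQL Injection", "url": "http://testsite.example/q"},
    {"risk": "Medium", "alert": "X-Frame-Options Header Not Set", "url": "http://testsite.example/"},
    {"risk": "Medium", "alert": "X-Frame-Options Header Not Set", "url": "http://testsite.example/a"},
    {"risk": "Low", "alert": "Cookie Without Secure Flag", "url": "http://testsite.example/login"},
]


def api_url(component, kind, name, params=None, base=ZAP, apikey=API_KEY):
    """Build a ZAP JSON API URL such as
    http://localhost:8080/JSON/spider/action/scan/?url=...&apikey=..."""
    query = dict(params or {})
    if apikey:
        query["apikey"] = apikey
    url = f"{base}/JSON/{component}/{kind}/{name}/"
    return url + ("?" + urlencode(query) if query else "")


def call(component, kind, name, params=None):
    """Perform one API call against the running ZAP and decode the JSON reply."""
    with urlopen(api_url(component, kind, name, params), timeout=30) as resp:
        return json.loads(resp.read().decode())


def wait_for(component, scan_id, poll_seconds=2.0):
    """Poll the spider or active-scan status until ZAP reports 100%."""
    while True:
        status = int(call(component, "view", "status", {"scanId": scan_id})["status"])
        print(f"{component}: {status}%")
        if status >= 100:
            return
        time.sleep(poll_seconds)


def summarize_alerts(alerts):
    """Return {risk: (count, sorted distinct alert names)} for an alert list."""
    summary = {risk: [0, set()] for risk in RISK_ORDER}
    for alert in alerts:
        entry = summary.setdefault(alert.get("risk", "Informational"), [0, set()])
        entry[0] += 1
        entry[1].add(alert.get("alert", "unnamed"))
    return {risk: (count, sorted(names)) for risk, (count, names) in summary.items()}


def findings_at_or_above(summary, threshold="Medium"):
    """True if any alert is at the threshold risk or higher; usable as a CI gate."""
    cutoff = RISK_ORDER.index(threshold)
    return any(summary.get(risk, (0, []))[0] > 0 for risk in RISK_ORDER[:cutoff + 1])


def run_scan(target=TARGET, context="Default Context"):
    """Include target in the context, spider it, active-scan it, return the summary."""
    # Scope: the API equivalent of right-click > Include in Context in the GUI.
    call("context", "action", "includeInContext",
         {"contextName": context, "regex": re.escape(target) + ".*"})
    # Spider: discovers URLs only; it does not test for vulnerabilities.
    spider_id = call("spider", "action", "scan", {"url": target, "contextName": context})["scan"]
    wait_for("spider", spider_id)
    # Active scan: sends attack payloads, so only run it against authorised targets.
    ascan_id = call("ascan", "action", "scan", {"url": target, "inScopeOnly": "true"})["scan"]
    wait_for("ascan", ascan_id)
    alerts = call("core", "view", "alerts", {"baseurl": target})["alerts"]
    return summarize_alerts(alerts)


if __name__ == "__main__":
    # Pass --live to scan the real target through a running ZAP; otherwise
    # the constructed sample is summarised so the script runs offline.
    summary = run_scan() if "--live" in sys.argv else summarize_alerts(SAMPLE_ALERTS)
    for risk in RISK_ORDER:
        count, names = summary.get(risk, (0, []))
        print(f"{risk:14s} {count:3d}  {', '.join(names)}")
    sys.exit(1 if findings_at_or_above(summary, "Medium") else 0)
```

Run it with `--live` once ZAP is up and the API key is set; without the flag it only summarises the constructed sample. The spider is restricted to the context and the active scan to in-scope URLs, so anything outside the host you included is never attacked, and the non-zero exit on Medium-or-higher findings is what turns the scan into a build gate.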

Here is a video that shows how to get started with the OWASP ZAP proxy.
