Recently, I had the opportunity to work alongside my excellent teammates as a QA practice member at a freelance job, developing and testing a web application.
For this project, we wanted to strengthen our in-house penetration testing (pen test) capability to enable us to prove the security of our web application from the outset rather than having to wait for the results of our independent pen test towards the end of development. Being relatively new to penetration testing, we wanted to choose an easy-to-set-up tool that could find as many vulnerabilities as possible. Considering several free and paid tools, we chose OWASP Zed Attack Proxy (ZAP) for the reasons given above and expanded on below.
In this article, I will demonstrate how to set up and use OWASP ZAP to test the security of a typical web application.
Before I continue, I feel obligated to warn you that you should use this tool only with an application you’re hosting yourself, or one you’ve been given explicit permission to test, as ZAP attempts to modify data and insert malicious scripts in the web application.
What is OWASP?
The Open Web Application Security Project (OWASP) is an open online community that creates methodologies, tools, technologies, and guidance on how to deliver secure web applications. It is an international collaborative initiative comprised of both individuals and corporations. The project aims to deliver security approaches in web development and spread associated knowledge.