Web Application Security Testing with OWASP ZAP
Scan websites for vulnerabilities
Setup and use OWASP ZAP Proxy
Use a dictionary list to find files and folders and spider crawl to find links and URLs
By the end of this project, you will learn the fundamentals of how to use OWASP Zed Attack Proxy (ZAP). This tool greatly aids security professionals and penetration testers to discover vulnerabilities within web applications. You will learn how to perform a basic web app vulnerability scan, analyze the results, and generate a report of those results. This course includes steps on how to configure the browser proxy to passively scan web requests and responses by simply exploring websites. This course will also include how to use dictionary lists to find files and folders on a web server, and how to spider crawl websites to find all the links and URLs. Finally, the end of the course gives a brief overview of how to intercept, view, modify, and forward web requests that occur between the browser and web application. Note: This course works best for learners who are based in the North America region. We’re currently working on providing the same experience in other regions.
分步进行学习
在与您的工作区一起在分屏中播放的视频中,您的授课教师将指导您完成每个步骤:
Introduction and overview of what OWASP ZAP is and how it is important for web security professionals.
Understand the layout of OWASP ZAP and scan a website for vulnerabilities.
Analyze the OWASP ZAP vulnerability scan results and generate a vulnerability report from those results.
Setup and configure FoxyProxy within the Firefox browser to use ZAP as a proxy.
Find files and directories of a web server using a dictionary list within OWASP ZAP.
Using OWASP ZAP to crawl and spider websites to find links and URLs.
Using OWASP ZAP as a web proxy to intercept a valid request, modify it to make it invalid, and then send it to the web server to provoke unexpected behavior from it.
指导项目工作原理
您的工作空间就是浏览器中的云桌面,无需下载
在分屏视频中,您的授课教师会为您提供分步指导
审阅
来自WEB APPLICATION SECURITY TESTING WITH OWASP ZAP的热门评论
The course I believe was a bit easy and not intermediate plus Rhyme refused connections to the mutilliadae server
The information is very helpful. I got basic knowledge to continue learning OWASP ZAP.
As a beginner it was very helpful to me. Iam able to learn quickly as well.
It is good for starters, but I think for the tool we fall a little short.
常见问题
常见问题
如果我购买指导项目,会得到什么?
指导项目可在台式设备和移动设备上学习吗?
指导项目的讲师是谁?
我能在完成指导项目后从中下载作品吗?
我能够退款吗?退款政策是如何规定的?
有助学金吗?
我能旁听指导项目并免费观看视频部分吗?
我需要具备多少经验才能做这个指导项目?
我能直接通过 Web 浏览器来完成此指导项目,而不必安装特殊软件吗?
指导项目的学习体验如何?
还有其他问题吗?请访问 学生帮助中心。
Coursera Footer
