Welcome, to this course, “PenTesting with OWASP ZAP” a fine grained course that enables you to test web application, automated testing, manual testing, fuzzing web applications, perform bug hunting and complete web assessment using ZAP. focused over ease of use and with special abilities to take down the web applications that most of the tool will leave you with unnoticed and or, un touched critical vulnerabilities in web applications but then the ZAP comes to rescue and do the rest what other tools can not find.
“This course is completely focused over pen testing web applications with ZAP”
The ZAP, is a fine grained tool that every penetration testers, hacker, developers must have in their arsenal and hence required a solid understanding and through training to perform security testing from its core. ZAP can work with and integrate with many tools in the hacking, penetration testing segment such as: SQLmap, nmap, Burp suite, Nikto and every tool inside kali linux. Invoking with burp gives much flexibility to combine the power of ZAP and burp suite at the same time and in complete order.
[+] Some special features of the ZAP
Quick start using “point and shoot”
Intercepting proxy with liked browser
Proxying through zap then scanning
Manual testing with automated testing
ZAP HUD mode, to test apps and attack in a single page
Attack modes for different use cases.
Active scanning with passive scanning
Requester for Manual testing
Plug-n-hack support
Can be easily integrated into CI/CD
Powerful REST based API
Traditional AJAX spider
Support for the wide range of scripting languages
Smart card support
Port scanning
Parameter analysis
Invoking and using other apps I.e: Burp suite
Session management
Anti-CSRF token handling
Dynamic SSL certificates support
–