Writing Custom Scripts for OWASP Zed Attack Proxy

Marudhamaran Gunasekaran

2:55:26

  • 00. Course Overview.mp4
    01:52
  • 00. The Need for Scripting in OWASP ZAP.mp4
    02:21
  • 01. Supported Scripting Types and Languages.mp4
    05:01
  • 02. Setting up the Browser, Proxies, and Certificates.mp4
    08:39
  • 03. Preparing the Scripting Add-ons.mp4
    05:17
  • 00. The Power of Being the Man in the Middle.mp4
    03:25
  • 01. Insecure Cache Configuration Vulnerability.mp4
    03:25
  • 02. The Proxy Script and Its Trigger.mp4
    05:05
  • 03. Writing a Proxy Script That Modifies HTTP Responses.mp4
    06:49
  • 04. Saving and Loading Scripts and ZEST Statements.mp4
    02:29
  • 05. Summary.mp4
    02:02
  • 00. Three Important Components of Web Scanning.mp4
    03:25
  • 01. Information Exposure Vulnerability.mp4
    04:59
  • 02. Default Active Scan and Passive Scan Rules.mp4
    03:14
  • 03. Writing a Passive Scan Script to Find Leaking IBANs.mp4
    07:08
  • 04. Raising Alerts with Different Arguments.mp4
    06:02
  • 05. Running an Active Scan Script to Detect Insecure HTTP Verbs.mp4
    09:12
  • 06. Summary.mp4
    02:01
  • 00. Supported Authentication Schemes in OWASP ZAP.mp4
    03:11
  • 01. The Need for Authenticated Scanning.mp4
    06:02
  • 02. Scripting an Authentication Sequence with ZEST.mp4
    10:29
  • 03. Extracting Tokens from HTTP Message Data to Script Variables.mp4
    07:35
  • 04. Summary.mp4
    01:25
  • 00. Insecure Direct Object References Vulnerability.mp4
    03:04
  • 01. Inbuilt Fuzzer Payload Generators in OWASP ZAP.mp4
    03:45
  • 02. Anatomy of a Payload Generator Script.mp4
    02:37
  • 03. Writing a Fuzzer Payload Generator Script.mp4
    04:42
  • 04. Combining Multiple Payload Generators for Fuzzing.mp4
    06:56
  • 05. Summary.mp4
    02:00
  • 00. Module Overview.mp4
    01:07
  • 01. Extreme Programming Rule and a Security Regression Test.mp4
    03:07
  • 02. OWASP ZAP and Security Regression Testing.mp4
    01:47
  • 03. Regressing an XSS Vulnerability.mp4
    08:55
  • 04. Regressing an Unvalidated Redirect Vulnerability.mp4
    05:04
  • 05. Running Scripts from Command Line with Standalone ZEST Runner.mp4
    05:05
  • 06. HTTP Sender Script to Merge Multiple Cookie Headers.mp4
    07:46
  • 07. Running Standalone ZEST Scripts.mp4
    01:46
  • 00. Debugging Tips.mp4
    02:22
  • 01. Loading Scripts through config.xml and ZAP APIs.mp4
    01:09
  • 02. Staying Abreast of OWASP ZAP and Reaching out for Help.mp4
    01:26
  • 03. Key Takeaways.mp4
    01:40
  • Description


    Do you want to automate your web security activities? Learn to write custom scripts with OWASP ZAP to detect and guard against application-specific vulnerabilities while building security into the software.

    What You'll Learn?


      Software delivery is becoming faster than ever and security is always trying to catch up with DevOps. Automated tools have proven to aid with rapid identification of security bugs, but it gets challenging when automated assessments aren't customized to an application's context. In this course, Writing Custom Scripts for OWASP Zed Attack Proxy, you will gain the ability to extend your dynamic application security assessments through the power of custom scripts. First, you will learn the various extension points in OWASP ZAP through the supported scripting types and scripting languages. Next, you will discover how to tackle some of the everyday challenges, from effectively communicating security bugs to scripting complicated authentications for automated vulnerability assessments. Finally, you will explore how to identify common vulnerabilities specific to your application's context and guard against those vulnerabilities coming up again. When you are finished with this course, you will have the skills and knowledge of writing custom security scripts needed to incorporate essential DevSecOps activities.

    Marudhamaran Gunasekaran
    Marudhamaran Gunasekaran is a Security Consultant and a DevSecOps Lead with DevOn, part of The Waada, Prowareness Group. He plays various roles at work including but not limited to Security Coach, Trainer, Agile Coach, and Compliance Manager. Maran takes joy in staying abreast of security advancements, contributing to the open source community with most recent contributions to OWASP projects, and evangelizing security among DevOps professionals as an Ambassador for the DevOps Institute. Some of his certifications in Security and Agile Coaching include Certified Ethical Hacker, EC-Council Certified Security Analyst, ISO 27001 Lead Auditor, DevOps Institute Certified Instructor for DevOps and DevSecOps, Professional Scrum Master I, II, and III, Professional Scrum Expert, and Professional Scrum Product Owner. In his spare time he relaxes with Henry David Thoreau, learns to cook a new dish from the Indian cuisine, and enjoys his rediscovered hobby of gardening.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • language english
    • Training sessions 41
    • duration 2:55:26
    • level advanced
    • Release Date 2023/10/11