ZED ATTACK PROXY COOKBOOK hacking tactics, techniques, and procedures for testing web applications and APIs
Dive into security testing and web app scanning with ZAP, a powerful OWASP security tool Purchase of the print or Kindle book includes a free PDF eBook Key Features Master ZAP to protect your systems from different cyber attacks Learn cybersecurity best practices using this step-by-step guide packed...
| Main Authors: | , , |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: |
[S.l.]
PACKT PUBLISHING LIMITED
2023
|
| Edition: | 1st edition |
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- How to do it...
- How it works...
- See also
- Fuzzing with Fuzzer
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Chapter 3: Configuring, Crawling, Scanning, and Reporting
- Technical requirements
- Setting scope in ZAP
- Getting ready
- How to do it...
- How it works...
- Crawling with the Spider
- Getting ready
- How to do it...
- How it works...
- Crawling with the AJAX Spider
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Scanning a web app passively
- Getting ready
- How to do it...
- How it works...
- There's more..
- See also
- Scanning a web app actively
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Generating a report
- Getting ready
- How to do it...
- How it works...
- See also
- Chapter 4: Authentication and Authorization Testing
- Technical requirements
- Testing for Bypassing Authentication
- Getting ready
- How to do it...
- How it works...
- Testing for Credentials Transported over an Encrypted Channel
- Getting ready
- How to do it...
- How it works...
- Testing for Default Credentials
- Getting ready
- How to do it...
- How it works...
- There's more..
- Technical requirements
- Persisting a session
- Getting ready
- How to do it...
- How it works...
- Menu bar
- Getting ready
- How to do it...
- How it works...
- There's more...
- Toolbar
- Getting ready
- How to do it...
- How it works...
- See also
- The tree window
- Getting ready
- How to do it...
- How it works...
- Workspace window
- Getting ready
- How to do it...
- How it works...
- Information window
- Getting ready
- How to do it...
- How it works...
- There's more...
- Footer
- Getting ready
- How to do it...
- How it works...
- Encode/Decode/Hash dialog
- Getting ready
- Cover
- Title Page
- Copyright and Credits
- Dedication
- Contributors
- Table of Contents
- Preface
- Chapter 1: Getting Started with OWASP Zed Attack Proxy
- Downloading ZAP
- Getting ready
- How to do it...
- Installing Docker
- See also
- Setting up the testing environment
- Getting ready
- How to do it...
- How it works...
- There's more...
- Setting up a browser proxy and certificate
- Getting ready
- How to do it...
- How it works...
- Testing the ZAP setup
- Getting ready
- How to do it...
- How it works...
- Chapter 2: Navigating the UI
- See also
- Testing Directory Traversal File Include
- Getting ready
- How to do it...
- How it works...
- See also
- Testing for Privilege Escalation and Bypassing Authorization Schema
- Getting ready
- How to do it...
- How it works...
- Testing for Insecure Direct Object References
- Getting ready
- How to do it...
- How it works...
- There's more...
- Chapter 5: Testing of Session Management
- Technical requirements
- Mutillidae setup
- Testing for cookie attributes
- Getting ready
- How to do it...
- How it works...
- Testing for cross-site request forgery (CSRF)
- Getting ready