The Best Free Learning Resource For OWASP ZAP out there
- Free tutorial
- Rating: 4.3 out of 54.3 (131 ratings)
- 8,532 students
- 1hr 27min of on-demand video
- Created by Wesley Thijs
- English
What you’ll learn
- Anyone who has used burp suite pro but wants a free alternative
- If you’ve never used a MiTM proxy
- If you want to intercept traffic from your browser to the server
- If you want to automatically scan your application for vulnerabilities
Requirements
- Basic understanding of web applications required
- Basic understanding of web requests required
- Must be able to verify exploits reports on by tool manually
Description
WhatIsThis?
OWASP Zed Attack Proxy AKA ZAP is a great tool for pen-testers and bug bounty hunters alike. Everyone needs a MitM proxy if they are investigating application traffic and while there are many to pick from, ZAP has distinct advantages over all of them.
Compared to burp suite pro, OWASP ZAP includes the same features but is free.
Compared to Charles proxy, ZAP includes more interactivity.
ZAP has context-dependent UI screens, meaning they only show you what is relevant at that time to avoid screen clutter.
ZAP works with a server/database system, allowing you to easily make and restore snapshots.
We can keep on going on forever about it’s clear this is an essential tool for any hacker who takes themselves even the least bit serious. While it may be a bit harder to learn since everyone is used to burp suite, this tutorial aims to guide you through the basics in video format. You can follow along with the instructor and even perform the automated scans on labs that are created by the author.
WhoAmI?
My name is Wesley Thijs and I’ve been an instructor for about 3 years now. Before this, I was a QA engineer and since recently also a full-time pentester in my own company. I love seeing people floorish and rise up to the challenges that face us as hackers. Of course, we all know information is free on the internet anywhere we look but it’s also this overwhelming feeling of information that led me to start creating courses that follow an easy to follow along guide with labs you can try all this hacking violence on.
Who this course is for:
- Beginner pentesters
- Medior/Senior pentesters who want to learn a new MiTM Proxy
- DevOps Engineers who want to integrate this tool in their CI/CD pipelines
Show less
Course content
14 sections • 20 lectures • 1h 27m total lengthCollapse all sections
Introduction1 lecture • 2min
- Introduction02:24
001. OWASP ZAP Intro screen1 lecture • 6min
- 001. OWASP ZAP Intro screen06:06
002. Contexts1 lecture • 1min
- 002. Contexts01:18
003. Site Tree1 lecture • 2min
- 003. Site Tree01:47
004. Automated scanning1 lecture • 4min
- 004. Automated scanning03:33
005. Fuzzing1 lecture • 2min
- 005. Fuzzing02:06
006. Directory brute forcing1 lecture • 1min
- 006. Directory brute forcing01:09
007. Interruptor1 lecture • 1min
- 007. Interruptor00:47
008 add-ons1 lecture • 1min
- 008. Add-ons00:56
009. Manual browsing1 lecture • 1min
- 009. Manual browsing01:15
practical BAC automation with ZAP1 lecture • 15min
- ZAP BAC With Access control14:55
010. A simulated pentest1 lecture • 2min
- 010. A simulated pentest02:11
Practical examples5 lectures • 16min
- 000 – Intro00:16
- 001. Automatic scanning01:56
- 002. Directory brute forcing00:56
- 003. Fuzzing04:36
- 004. Broken Access Control08:34
999. Extras3 lectures • 33min
- 5 ways ZAP is better then Burp Suite01:00
- OWASP Zap Is Awesome_ First Impressions (1)14:42
- The advantages of OWASP Foundation ZAP16:51
