Book description
Dive into security testing and web app scanning with ZAP, a powerful OWASP security tool
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
- Master ZAP to protect your systems from different cyber attacks
- Learn cybersecurity best practices using this step-by-step guide packed with practical examples
- Implement advanced testing techniques, such as XXE attacks and Java deserialization, on web applications
Book Description
Maintaining your cybersecurity posture in the ever-changing, fast-paced security landscape requires constant attention and advancements. This book will help you safeguard your organization using the free and open source OWASP Zed Attack Proxy (ZAP) tool, which allows you to test for vulnerabilities and exploits with the same functionality as a licensed tool.
Zed Attack Proxy Cookbook contains a vast array of practical recipes to help you set up, configure, and use ZAP to protect your vital systems from various adversaries. If you're interested in cybersecurity or working as a cybersecurity professional, this book will help you master ZAP.
You'll start with an overview of ZAP and understand how to set up a basic lab environment for hands-on activities over the course of the book. As you progress, you'll go through a myriad of step-by-step recipes detailing various types of exploits and vulnerabilities in web applications, along with advanced techniques such as Java deserialization.
By the end of this ZAP book, you'll be able to install and deploy ZAP, conduct basic to advanced web application penetration attacks, use the tool for API testing, deploy an integrated BOAST server, and build ZAP into a continuous integration and continuous delivery (CI/CD) pipeline.
What you will learn
- Install ZAP on different operating systems or environments
- Explore how to crawl, passively scan, and actively scan web apps
- Discover authentication and authorization exploits
- Conduct client-side testing by examining business logic flaws
- Use the BOAST server to conduct out-of-band attacks
- Understand the integration of ZAP into the final stages of a CI/CD pipeline
Who this book is for
This book is for cybersecurity professionals, ethical hackers, application security engineers, DevSecOps engineers, students interested in web security, cybersecurity enthusiasts, and anyone from the open source cybersecurity community looking to gain expertise in ZAP. Familiarity with basic cybersecurity concepts will be helpful to get the most out of this book.
Table of contents
- Zed Attack Proxy Cookbook
- Contributors
- About the authors
- About the reviewers
- Disclaimer
- Preface
- Chapter 1: Getting Started with OWASP Zed Attack Proxy
- Chapter 2: Navigating the UI
- Chapter 3: Configuring, Crawling, Scanning, and Reporting
-
Chapter 4: Authentication and Authorization Testing
- Technical requirements
- Testing for Bypassing Authentication
- Testing for Credentials Transported over an Encrypted Channel
- Testing for Default Credentials
- Testing Directory Traversal File Include
- Testing for Privilege Escalation and Bypassing Authorization Schema
- Testing for Insecure Direct Object References
- Chapter 5: Testing of Session Management
- Chapter 6: Validating (Data) Inputs – Part 1
- Chapter 7: Validating (Data) Inputs – Part 2
- Chapter 8: Business Logic Testing
- Chapter 9: Client-Side Testing
- Chapter 10: Advanced Attack Techniques
- Chapter 11: Advanced Adventures with ZAP
- Index
- Other Books You May Enjoy
Product information
- Title: Zed Attack Proxy Cookbook
- Author(s):
- Release date: March 2023
- Publisher(s): Packt Publishing
- ISBN: 9781801817332
You might also like
book
Web Penetration Testing with Kali Linux - Third Edition
Build your defense against web attacks with Kali Linux, including command injection flaws, crypto implementation layers, …
book
Adversarial Tradecraft in Cybersecurity
Master cutting-edge techniques and countermeasures to protect your organization from live hackers. Learn how to harness …
book
Bug Bounty Hunting for Web Security: Find and Exploit Vulnerabilities in Web sites and Applications
Start with the basics of bug hunting and learn more about implementing an offensive approach by …
book
Mastering Kali Linux for Advanced Penetration Testing - Fourth Edition
Master key approaches used by real attackers to perform advanced pentesting in tightly secured infrastructure, cloud …