Continuing with his introduction to OWASP ZAP, Jerod provides a demo of the tool. He shows you how to access the tool in Kali Linux and how to run a scan against a target web application. For this demo, Jerod uses a local instance of Juice Shop, another OWASP project you should consider exploring in your home lab.
- [Instructor] Let's go back into Kali Linux, and use OWASP ZAP to perform a web application security scan of a deliberately vulnerable web application. As I mentioned earlier, OWASP has published an app called Juice Shop to Heroku. Juice Shop is one of the deliberately vulnerable web applications listed in the OWASP Vulnerable Web Applications Directory Project. They're a combination of online and offline applications.
And I'd like to use the offline version of Juice Shop, so that we're not interfering with OWASP's published instance of the application. The download link on the OWASP page brings you over to this GitHub repository, and if you scroll down, you'll see under setup that there is a one-click deploy to Heroku option. You can sign up for a free account at heroku.com using the link here.
And then, once your account's been activated, come back to this window, click deploy to Heroku, and you'll be able to create your own instance of an online version of the Juice Shop application. I've done that here at Juice, dash, shop,…
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner