Securing Web @ZAP Day-2

On the second day of the workshop we installed the ZAP software and taught the attendees about its user interface. After installing ZAP, we held a session on generating a dynamic SSL certificate and installing it in the Firefox browser. This SSL certificate is installed in the browser so that websites can be tested manually for vulnerabilities using the browser plugin tool.

Later, Sumanth explained the modes of the ZAP tool that are used for finding vulnerabilities, i.e. Safe Mode, Protected Mode, Standard Mode and Attack Mode, with a demo of using ZAP in Standard Mode to attack a test site, and showed them vulnerabilities such as XSS (cross-site scripting) and others. He also explained many features of the ZAP tool, such as intercepting, fuzzing, spiders and scanners.


On day two we covered many important concepts, such as:

  • UI
  • Intercepting
  • Fuzzing concepts
  • Proxy concepts
  • Testing web application
