Zed Attack Proxy Cookbook

Zed Attack Proxy Cookbook: Hacking tactics, techniques, and procedures for testing web applications and APIs
English | Size: 27.19 MB
Genre: eLearning

Maintaining your cybersecurity posture in the ever-changing, fast-paced security landscape requires constant attention and advancements. This book will help you safeguard your organization using the free and open source OWASP Zed Attack Proxy (ZAP) tool, which allows you to test for vulnerabilities and exploits with the same functionality as a licensed tool.

Zed Attack Proxy Cookbook contains a vast array of practical recipes to help you set up, configure, and use ZAP to protect your vital systems from various adversaries. If you’re interested in cybersecurity or working as a cybersecurity professional, this book will help you master ZAP.

You’ll start with an overview of ZAP and understand how to set up a basic lab environment for hands-on activities over the course of the book. As you progress, you’ll go through a myriad of step-by-step recipes detailing various types of exploits and vulnerabilities in web applications, along with advanced techniques such as Java deserialization.

By the end of this ZAP book, you’ll be able to install and deploy ZAP, conduct basic to advanced web application penetration attacks, use the tool for API testing, deploy an integrated BOAST server, and build ZAP into a continuous integration and continuous delivery (CI/CD) pipeline.

What you will learn
Install ZAP on different operating systems or environments
Explore how to crawl, passively scan, and actively scan web apps
Discover authentication and authorization exploits
Conduct client-side testing by examining business logic flaws
Use the BOAST server to conduct out-of-band attacks
Understand the integration of ZAP into the final stages of a CI/CD pipeline
Who this book is for
This book is for cybersecurity professionals, ethical hackers, application security engineers, DevSecOps engineers, students interested in web security, cybersecurity enthusiasts, and anyone from the open source cybersecurity community looking to gain expertise in ZAP. Familiarity with basic cybersecurity concepts will be helpful to get the most out of this book.

Table of Contents
Getting Started with OWASP Zed Attack Proxy
Navigating the UI
Configuring, Crawling, Scanning, and Reporting
Authentication and Authorization Testing
Testing of Session Management
Validating (Data) Inputs – Part 1
Validating (Data) Inputs – Part 2
Business Logic Testing
Client-Side Testing
Advanced Attack Techniques
Advanced Adventures with ZAP



If any links die or problem unrar, send request to

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.