Zed Attack Proxy Cookbook

By Ryan Soper , Nestor Torres , Ahmed Almoailu
    What do you get with a Packt Subscription?

  • Instant access to this title and 7,500+ eBooks & Videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies

About this book

Security is an ever-changing, fast-paced discipline. Thankfully, there are free tools that you can use to protect your systems. OWASP Zed Attack Proxy (ZAP) is the most popular one: it allows you to test for vulnerabilities and exploits with the same functionality as a licensed tool! But how does it work?

Zed Attack Proxy Cookbook contains a vast array of practical recipes to help you set up, configure, and use ZAP to protect your vital systems from adversaries of every description. If you're interested in cybersecurity or already working as a cybersecurity professional, this book will give you mastery of this popular security tool.

You’ll start with an overview of ZAP and understand how to set up a basic lab environment for the hands-on activities covered in the rest of the book. As you progress, you'll go through a myriad of step-by-step recipes detailing various types of exploits and vulnerabilities in web applications, as well as advanced techniques such as Java deserialization.

By the end of this Zap book, you’ll be able to install and deploy ZAP, conduct basic to advanced web application penetration attacks, use the tool for mobile and API testing, install and deploy a BOAST server that works with ZAP, and build ZAP into a continuous integration and continuous delivery (CI/CD) pipeline, among many other things.

Publication date:
April 2023

About the Authors

  • Ryan Soper

    Ryan Soper is a Senior Application Security Engineer, Web Application Penetration Tester, and USCG Veteran. His career has given him a vast amount of experience in IT consulting & Managed Services across the cyber security landscape. From Application Security and Vulnerability Management to Penetration Testing within industries such as Military, Government, Financial & Investing Services, Banking, and other Professional Services. Ryan is an active member and organizer of DefCon813 and a member of the OWASP Tampa Chapter. Find Ryan on Twitter at soapszzz.

    Browse publications by this author
  • Nestor Torres

    Nestor is a Senior Application Security Engineer, Web application Penetration tester. His experience includes application security, secure coding, IT consulting, penetration tester, and mobile penetration testing. He is an active member and organizer of the DefCon813 Chapter and OWASP Tampa Chapter. You can find him in his local Bsides Orlando and Tampa, as well as other conferences like Defcon and OWASP events. Nestor holds Certifications such as Sec+, eJPT, eWPT. Find Nestor on Twitter at n3stortorres.

    Browse publications by this author
  • Ahmed Almoailu

    Ahmed Almoailu is a Cyber Security Engineer with years of experience in Vulnerability Management, Risk Management, Network Security, Cloud Security, and Endpoint Security. He has a Master of Science in Cybersecurity and a Bachelor of Science in Computer Information systems from Saint Leo University and is currently working in healthcare. He is a member of the DefCon813 chapter and participates in security events in the community. Ahmed holds Certified Ethical Hacker (CEH) and AWS Cloud Practitioner.

    Browse publications by this author
Zed Attack Proxy Cookbook
Unlock this book and the full library FREE for 7 days
Start now