Web Application Security Testing with OWASP ZAP

4.2 stars (218 ratings)
Offered by: Coursera Project Network
4,878 already enrolled.
In this Guided Project, you will:

Scan websites for vulnerabilities

Set up and use OWASP ZAP Proxy

Use a dictionary list to find files and folders and spider crawl to find links and URLs

1.5 hours
Intermediate
No download needed
Split-screen video
English
Desktop only

By the end of this project, you will learn the fundamentals of how to use OWASP Zed Attack Proxy (ZAP). This tool greatly helps security professionals and penetration testers discover vulnerabilities within web applications. You will learn how to perform a basic web app vulnerability scan, analyze the results, and generate a report of those results. This course includes steps on how to configure the browser proxy to passively scan web requests and responses by simply exploring websites. This course will also include how to use dictionary lists to find files and folders on a web server, and how to spider crawl websites to find all the links and URLs. Finally, the end of the course gives a brief overview of how to intercept, view, modify, and forward web requests that occur between the browser and web application. Note: This course works best for learners who are based in the North America region. We’re currently working on providing the same experience in other regions.

Learn step-by-step

In a video that plays in a split screen with your work area, your instructor will walk you through these steps:

  1. Introduction and overview of what OWASP ZAP is and how it is important for web security professionals.

  2. Understand the layout of OWASP ZAP and scan a website for vulnerabilities.

  3. Analyze the OWASP ZAP vulnerability scan results and generate a vulnerability report from those results.

  4. Set up and configure FoxyProxy within the Firefox browser to use ZAP as a proxy.

  5. Find files and directories of a web server using a dictionary list within OWASP ZAP.

  6. Use OWASP ZAP to crawl and spider websites to find links and URLs.

  7. Use OWASP ZAP as a web proxy to intercept a valid request, modify it to make it invalid, and then send it to the web server to provoke unexpected behavior from it.

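How Guided Projects work

Your workspace is a cloud desktop that loads right in your browser, with no download required.

In a split-screen video, your instructor guides you through the project step by step.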
