OWASP ZAP Simple Guide
Today's topics
OWASP?
OWASP ZAP?
OWASP ZAP features
How to use OWASP ZAP
Precautions when using OWASP ZAP
OWASP?
Open Web Application Security Project
The OWASP Foundation's Project
The OWASP Foundation?
Worldwide not-for-profit organization
Focused on improving the security of software, services, and development processes
The OWASP Foundation's Project?
OWASP Top 10
OWASP ZAP
OWASP ZAP?
OWASP Zed Attack Proxy
One of the world's most popular free security tools, maintained by hundreds of international volunteers
It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
ZAP is designed specifically for testing web applications and is both flexible and extensible.
A web vulnerability scanning tool
OWASP ZAP features (briefly)
1. Spider
2. Scan
3. Report
How to use OWASP ZAP
(focusing on the simple automated web vulnerability scanner)
Precautions when using OWASP ZAP
Run it only against servers that you manage yourself
In summary
OWASP?
OWASP ZAP?
OWASP ZAP features
How to use OWASP ZAP
Precautions when using OWASP ZAP
Thank You!