OWASP ZAP Simple Guide

Today's Topics

OWASP?
OWASP ZAP?
OWASP ZAP Features
How to Use OWASP ZAP
Precautions When Using OWASP ZAP

OWASP?

Open Web Application Security Project

The OWASP Foundation's Project

The OWASP Foundation?

A worldwide not-for-profit organization focused on improving the security of software, services, and the development process

The OWASP Foundation's Project?

OWASP Top 10 2017

OWASP ZAP

OWASP ZAP?

OWASP Zed Attack Proxy

One of the world's most popular free security tools

maintained by hundreds of international volunteers

It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.

ZAP is designed specifically for testing web applications and is both flexible and extensible.

A web vulnerability assessment tool

OWASP ZAP Features (Briefly)

1. Spider
2. Scan
3. Report

[Images: quick start]

How to Use OWASP ZAP

(Focusing on the simple automated web vulnerability scanner)

[Images: quick start, alert]

Precautions When Using OWASP ZAP

Run it only against servers that you manage yourself.

Summary

OWASP?
OWASP ZAP?
OWASP ZAP Features
How to Use OWASP ZAP
Precautions When Using OWASP ZAP

Thank You!