The OWASP Foundation
http://www.owasp.org
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
Prowareness Tech
Talk Tuesdays
22 Dec 2015
Automating Web Application Security Testing with OWASP ZAP DOT NET API
The OWASP Zed Attack Proxy
https://vimeo.com/gmaran23/AutomatingWebApplicationSecurityWithOWASPZAPDOTNETAPI
Marudhamaran Gunasekaran
Zap Contributor
@gmaran23
2
Prelude
• This talk builds on the previous talks at Dot Net Bangalore. If you are new to
OWASP ZAP, watch these first (scan the QR code for the URLs)
• Practical Security Testing For Developers Using OWASP
ZAP - http://wp.me/p323iP-fO
• OWASP ZAP Demonstration –
http://wp.me/p323iP-fV
• Dot Net Web Application Security
http://wp.me/p323iP-fS
http://wp.me/p323iP-ib
3
Agenda
• Application Security Program Challenges
• Why OWASP ZAP?
• Earlier episodes on Dot Net Security and
OWASP ZAP
• ZAP – Operating Modes
• ZAP Demonstration – API
• OWASP ZAP DOT NET API - Automating
4
The problems
• Most developers know very little about security
• Most companies have very few application
security folks
• External consultants cost $$$$$
• Security testing is done late in the application
development lifecycle (if it is done at all)
5
Part of the Solution
• Use a security tool like ZAP in development
• In addition to security training, secure
development lifecycle, threat modelling,
static source code analysis, secure code
reviews, professional pentesting…
6
Why ZAP?
• An easy to use webapp pentest tool
• Completely free and open source
• Source code updated almost every day
• One of the OWASP Flagship projects
• Ideal for beginners, but also used by professionals
• Powerful API for automated security tests
7
The app sec foundations
• Vulnerability Analysis
– Look for weak spots
• Penetration Testing
– Exploit the weaknesses
• Security Testing
– May involve both or just VA
8
The app sec tool foundations
• Spider or Crawler
– Gather information about what to attack
• Passive Scan
– Static analysis on the gathered information
(HTTP requests and responses)
• Active Scan
– Send attack (potentially harmful) payloads to
exploit / confirm weakness
9
Download ZAP
• Download OWASP ZAP
https://www.owasp.org/index.php/OWASP_Zed_Attack_Prox
10
ZAP API demo
Headless attack!
11
Introducing the OWASP ZAP DOT NET API
https://www.nuget.org/packages/OWASPZAPDotNetAPI/
12
OWASP ZAP DOT NET API
Source Code and Samples: https://github.com/zaproxy/zap-api-dotnet
13
Automating authenticated scans
1. Create a context in the name of the application
2. Choose the mode of authentication (for instance
Forms Authentication)
3. Provide Authentication information
4. Spider
5. Scan
6. Verify
7. Fix
14
Security Regression Testing
Well, let me
watch you
here!
ZAP – Need Help?
ZAP user group -
https://groups.google.com/forum/#!forum/zaproxy-users
ZAP Evangelists -
https://github.com/zaproxy/zaproxy/wiki/ZapEvangelists
ZAP Developers group -
https://groups.google.com/forum/#!forum/zaproxy-develo
ZAP - Get Involved
Use the tool
Recommend
Write Add-ons
Write Scanners / Scripts
Report bugs
Conclusion
• Consider security at all stages of the development cycle
• OWASP ZAP is ideal for automating security tests
• It is also a great way to learn about security
“Man is a tool-using animal. Without tools he is nothing,
with the ‘right set of’ tools he is all”
Any Questions?
http://www.owasp.org/index.php/ZAP
20
Postlude
• This talk builds on the previous talks at Dot Net Bangalore. If you are new to
OWASP ZAP, watch these first (scan the QR code for the URLs)
• Practical Security Testing For Developers Using OWASP
ZAP - http://wp.me/p323iP-fO
• OWASP ZAP Demonstration –
http://wp.me/p323iP-fV
• Dot Net Web Application Security
http://wp.me/p323iP-fS
http://wp.me/p323iP-ib
21
Postlude - Extended
• OWASP App sec tutorial series
https://www.youtube.com/user/AppsecTutorialSeries
• OWASP ZAP – Ajax Spidering with Authentication
http://wp.me/p323iP-en
• Cross Site Scripting [XSS]
http://wp.me/p323iP-es
• XML – Attack surface and Defenses
http://wp.me/p323iP-cU
• Sql injection exploitation and prevention part 1
http://wp.me/p323iP-bi
• Sql injection exploitation and prevention part 2
http://wp.me/p323iP-by
