How To | OWASP ZAP Finding Vulnerabilities
iSpeech.org
Offensive Security Online Courses: https://www.blackhatethicalhacking.com/courses/
Complete Metasploit Course on Vimeo: https://vimeo.com/blackhatethicalhacking
Hello Everyone!
In this How-To video we are going to take a look at how to
find vulnerabilities in a web application using the tool "OWASP-ZAP".
We are going to setup "OWASP-ZAP" as a proxy in which we can send our traffic, which is then analyzed by the web application vulnerability scanner. Furthermore, we are going to do some basic recon on the web server and show you how to perform an active vulnerability scan using the program that is installed in Kali Linux by default.
For testing purposes we've setup an "Xtreme Vulnerable Web Application" (XVWA) as the simulated target. You can download it and experiment with it yourself, here:
https://github.com/s4n7h0/xvwa
Disclaimer:
This video is performed for educational purpose only, it will help Cyber Security Researchers expand their knowledge as to how such attacks take place, everything is done on self owned machines and do not support promotion for such techniques, we are not responsible for any damage done in reference to this training, Black Hat Ethical Hacking or any security research engineer performing this demo is not held responsible for the actions of others and do not influence such attacks to be done WITHOUT the consents of the other party or part of a penetration testing after an NDA agreement signed between both parties. And now, Enjoy !
GitHub
s4n7h0/xvwaxvwa - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
Support our work on Patreon:
https://www.patreon.com/blackhatethicalhacking
#howto #owaspzap #blackhatethicalhacking
video, sharing, camera phone, video phone, free, upload
2018-04-14 09:13:08
source
Gloss