PenTesting with OWASP ZAP: mastery course
Complete security testing with Zed attack proxy. A must have tool mastery for hackers, pentesters, developers, coders, even experienced security professionals
[+] Course at a glance
Welcome, to this course, "PenTesting with OWASP ZAP" a fine grained course that enables you to test web application, automated testing, manual testing, fuzzing web applications, perform bug hunting and complete web assessment using ZAP. focused over ease of use and with special abilities to take down the web applications that most of the tool will leave you with unnoticed and or, un touched critical vulnerabilities in web applications but then the ZAP comes to rescue and do the rest what other tools can not find.
"This course is completely focused over pen testing web applications with ZAP"
The ZAP, is a fine grained tool that every penetration testers, hacker, developers must have in their arsenal and hence required a solid understanding and through training to perform security testing from its core. ZAP can work with and integrate with many tools in the hacking, penetration testing segment such as: SQLmap, nmap, Burp suite, Nikto and every tool inside kali linux. Invoking with burp gives much flexibility to combine the power of ZAP and burp suite at the same time and in complete order.
[+] Some special features of the ZAP
- Quick start using “point and shoot”
- Intercepting proxy with liked browser
- Proxying through zap then scanning
- Manual testing with automated testing
- ZAP HUD mode, to test apps and attack in a single page
- Attack modes for different use cases.
- Active scanning with passive scanning
- Requester for Manual testing
- Plug-n-hack support
- Can be easily integrated into CI/CD
- Powerful REST based API
- Traditional AJAX spider
- Support for the wide range of scripting languages
- Smart card support
- Port scanning
- Parameter analysis
- Invoking and using other apps I.e: Burp suite
- Session management
- Anti-CSRF token handling
- Dynamic SSL certificates support
And much more...
[+] Course materials
- Offline access to read PDF slides
- 8+ Hours of Videos lessons
- Self-paced HTML/Flash
- Access from PC, TABLETS, SMARTPHONES.
- PDF Slide
At the end of this course, you will get Verifiable "Certificate of completion"
Below is the format of the certificate that you will be mailed at the end and completion of all the lessons. It certifies you and proves that you have successfully completed the course with mastery.
Ethical hacker | Penetration tester | Security Evangelist | CISSP | IT AUDITOR | Cyber laws expert | Author | Public speaker |
Having more than 10 years of working experience in information security field.
Have trained more than 90k students on the topic of Information security & penetration testing in classroom mode as well as online. with expertise in web application penetration testing, i have performed several penetration tests and security audits, security analysis with private, governments and security agencies to help assist with to cope with cyber threats.
StartAutomated attack under 5 minutes (17:56)
StartSpidering the target (24:12)
StartFuzzing targets in action (23:30)
StartActive scanning attacks (22:11)
StartBreak points and Requestor (15:21)
StartAuthentication & session management in ZAP (25:23)
StartForced browsing DIRs and Files using ZAP (12:22)
StartAttack Surface Detector - SAST on ASP.NET MVC (18:08)
StartInvoking applications into ZAP (16:38)
StartInvoking Burp suite into ZAP - Best strategy (9:24)
StartHUD mode - Heads-up display (17:27)
StartZAP API testing (15:14)
StartOther useful tools add-ons inside zap (29:02)
StartGenerating Reports in multiple format (6:55)