Zed Attack Proxy Cookbook: Hacking tactics, techniques, and procedures for testing web applications and APIs (Paperback)

Dive into security testing and web app scanning with ZAP, a powerful OWASP security tool

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Master ZAP to protect your systems from different cyber attacks
• Learn cybersecurity best practices using this step-by-step guide packed with practical examples
• Implement advanced testing techniques, such as XXE attacks and Java deserialization, on web applications

Book Description

Maintaining your cybersecurity posture in the ever-changing, fast-paced security landscape requires constant attention and advancements. This book will help you safeguard your organization using the free and open source OWASP Zed Attack Proxy (ZAP) tool, which allows you to test for vulnerabilities and exploits with the same functionality as a licensed tool.

Zed Attack Proxy Cookbook contains a vast array of practical recipes to help you set up, configure, and use ZAP to protect your vital systems from various adversaries. If you're interested in cybersecurity or working as a cybersecurity professional, this book will help you master ZAP.

You'll start with an overview of ZAP and understand how to set up a basic lab environment for hands-on activities over the course of the book. As you progress, you'll go through a myriad of step-by-step recipes detailing various types of exploits and vulnerabilities in web applications, along with advanced techniques such as Java deserialization.

By the end of this ZAP book, you'll be able to install and deploy ZAP, conduct basic to advanced web application penetration attacks, use the tool for API testing, deploy an integrated BOAST server, and build ZAP into a continuous integration and continuous delivery (CI/CD) pipeline.

What you will learn

• Install ZAP on different operating systems or environments
• Explore how to crawl, passively scan, and actively scan web apps
• Discover authentication and authorization exploits
• Conduct client-side testing by examining business logic flaws
• Use the BOAST server to conduct out-of-band attacks
• Understand the integration of ZAP into the final stages of a CI/CD pipeline

Who this book is for

This book is for cybersecurity professionals, ethical hackers, application security engineers, DevSecOps engineers, students interested in web security, cybersecurity enthusiasts, and anyone from the open source cybersecurity community looking to gain expertise in ZAP. Familiarity with basic cybersecurity concepts will be helpful to get the most out of this book.

深入探索使用ZAP進行安全測試和網絡應用程式掃描，ZAP是一個強大的OWASP安全工具。

購買印刷版或Kindle電子書將包括一本免費的PDF電子書。

主要特點：

- 掌握ZAP，保護系統免受不同的網絡攻擊。
- 通過這本逐步指南學習最佳的網絡安全實踐，其中包含豐富的實例。
- 在網絡應用程式上實施高級測試技術，如XXE攻擊和Java反序列化。

書籍描述：

在不斷變化、快節奏的安全環境中，保持您的網絡安全姿態需要不斷的關注和進步。本書將幫助您使用免費且開源的OWASP Zed Attack Proxy（ZAP）工具來保護您的組織，該工具具有與授權工具相同的漏洞和攻擊測試功能。

《Zed Attack Proxy Cookbook》包含大量實用的食譜，幫助您設置、配置和使用ZAP來保護您的重要系統免受各種對手的攻擊。如果您對網絡安全感興趣或從事網絡安全專業工作，本書將幫助您掌握ZAP。

您將從ZAP的概述開始，並了解如何設置基本的實驗室環境，以進行本書中的實踐活動。隨著進展，您將進行一系列逐步的食譜，詳細介紹網絡應用程式中各種類型的漏洞和攻擊，以及Java反序列化等高級技術。

通過閱讀本書，您將能夠安裝和部署ZAP，進行從基本到高級的網絡應用程式滲透攻擊，使用該工具進行API測試，部署集成的BOAST服務器，並將ZAP集成到持續集成和持續交付（CI/CD）流程中。

您將學到：

- 在不同的操作系統或環境上安裝ZAP。
- 探索如何爬行、被動掃描和主動掃描網絡應用程式。
- 發現身份驗證和授權漏洞。
- 通過檢查業務邏輯漏洞進行客戶端測試。
- 使用BOAST服務器進行帶外攻擊。
- 了解將ZAP集成到CI/CD流程的最終階段。

本書適合網絡安全專業人士、道德黑客、應用程式安全工程師、DevSecOps工程師、對網絡安全感興趣的學生、網絡安全愛好者以及希望在ZAP方面獲得專業知識的開源網絡安全社區的任何人。熟悉基本的網絡安全概念將有助於更好地理解本書的內容。

1. Getting Started with OWASP Zed Attack Proxy
2. Navigating the UI
3. Configuring, Crawling, Scanning, and Reporting
4. Authentication and Authorization Testing
5. Testing of Session Management
6. Validating (Data) Inputs - Part 1
7. Validating (Data) Inputs - Part 2
8. Business Logic Testing
9. Client-Side Testing
10 Advanced Attack Techniques
11. Advanced Adventures with ZAP

1. 使用OWASP Zed Attack Proxy入門
2. 導覽使用者介面
3. 設定、爬蟲、掃描和報告
4. 認證和授權測試
5. 測試會話管理
6. 驗證（資料）輸入 - 第一部分
7. 驗證（資料）輸入 - 第二部分
8. 商業邏輯測試
9. 客戶端測試
10. 高級攻擊技巧
11. ZAP的高級冒險