How well protected are your web applications? With hacking incidents and data leakage on the rise, it is now more important than ever to ask yourself this question. Security testing is the perfect antidote, exposing the vulnerabilities in web applications so they can be fixed.

ZAP (Zed Attack Proxy) is one such open source tool, used for integrated penetration testing by developers and functional testers. It is simple and easy to use, and it offers automated scanners along with a set of tools which allow you to find security vulnerabilities manually.

Important features:

Quick Start
It offers you an easy way to quickly test a web application. Enter the URL of your target application and press the ‘Attack’ button.

Sites Tab
It shows all of the URLs visited. Select any of the nodes in the tree to display the request and response for that URL in the relevant tab.

Request Tab
It shows the data sent by your browser for the request highlighted in either the Sites or History tab.

Response Tab
It shows the data sent to the browser for the request highlighted in either the Sites or History tab.

Break Tab
It allows you to change a request or response when it has been caught by ZAP via a breakpoint. The elements which can be changed are the header, hidden fields and disabled fields. While the Break tab is not in use, its icon is a grey cross. When a break point is hit, the tab icon changes to a red cross.

History Tab
It shows a list of all requests in the order in which they were made. For every request, you can see:
- The request index – each request is numbered, starting at 1
- The HTTP method, e.g. GET or POST
- The URL requested
- The HTTP response code
- A short summary of what the HTTP response code means
- The length of time the whole request took
- Any Alerts on the request
- Any Notes you have added to the request
- Any Tags on the request

Search Tab
It allows you to search for regular expressions in all of the URLs, requests, responses, headers and fuzz results.

Break Points tab
It shows all the break points that you have set. Break points can be set via the History and Sites tabs as well as the ‘Add a custom HTTP break point’ button on the top level toolbar.

Alerts tab
It shows the Alerts that have been raised in this session. Double clicking an alert will display the ‘Add Alert dialog’, which allows you to change the alert details.

Active Scan tab
It allows you to perform an active scan on any of the sites that have been accessed.

Spider tab
It shows you a set of unique URIs found by the Spider during the scans. The toolbar provides a set of buttons which allow you to start, stop, pause and resume the scan. A progress bar shows how far the scan of the selected site has progressed. For each request you can see:
- Processed – whether the URI was processed by the Spider or was skipped from fetching because of a rule (e.g. it was out of scope)
- Method – the HTTP method, e.g. GET or POST, through which the resource should be accessed
- URI – the resource found
- Flags – any information about the URI (e.g. if it’s a seed or why it was not processed)

Fuzzer tab
The Fuzzer tab shows you the requests and responses performed when you fuzz a string.

Params tab
This shows a summary of the parameters a site uses. Sites can be selected via the toolbar or the Sites tab.

Http Sessions tab
This tab shows you the set of identified HTTP sessions for each Site, as detected by the HTTP Sessions extension.

Active Scan Rules
This rule checks the headers of secure pages and reports an alert if they allow a browser to cache the page.

AJAX Spider tab
The AJAX Spider tab shows you the set of unique URIs found by the AJAX Spider.

WebSocket tab
The WebSockets tab displays all messages from WebSocket connections. While ZAP is active, visit a site such as Mozilla’s Browser Quest to see WebSockets in action.

Forced Browse tab
The Forced Browse tab allows you to perform a browse scan on any of the sites that have been accessed.
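
The cache check described under Active Scan Rules above can be sketched as a small header audit. This is an added example, not ZAP's own rule code or code from the original post; the function names, the choice of `no-store` as the one directive that satisfies the check, and the sample responses are assumptions of the example.

```python
from urllib.parse import urlsplit

def parse_cache_control(value):
    """Split a Cache-Control value into a {directive: argument-or-None} dict."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def cacheable_secure_page(url, status, headers):
    """Return a finding string if an HTTPS response may be cached, else None."""
    if urlsplit(url).scheme.lower() != "https":
        return None                      # the check only concerns secure pages
    if not 200 <= status < 300:
        return None                      # redirects and errors are skipped here
    # Header names are case-insensitive; repeated headers are joined with commas.
    merged = {}
    for name, value in headers:
        key = name.lower()
        merged[key] = f"{merged[key]}, {value}" if key in merged else value
    cc = parse_cache_control(merged.get("cache-control", ""))
    if "no-store" in cc:
        return None                      # the browser must not keep a copy
    if not cc:
        return "no Cache-Control header on secure page"
    # private, max-age or no-cache alone still let the browser store the page
    return "Cache-Control lacks no-store: " + merged["cache-control"]

# Constructed sample responses (not captured from a real site)
SAMPLES = [
    ("https://shop.example/account", 200, [("Cache-Control", "private, max-age=600")]),
    ("https://shop.example/login", 200, [("cache-control", "no-cache"),
                                         ("Cache-Control", "no-store")]),
    ("http://shop.example/", 200, []),
    ("https://shop.example/profile", 200, [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, "->", cacheable_secure_page(url, status, headers) or "ok")
```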
