18F Tech Talk: Vulnerability Scanning With OWASP ZAP
This talk was given on 2016/02/22. It was a walkthrough and introduction to OWASP ZAP, an intercepting proxy for testing web applications.
Slides are here, but minimal. Here are the links from the resources page:
ZAP's homepage: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Our guide to using ZAP: https://pages.18f.gov/before-you-ship/security/dynamic-scanning/
The incredible ZAP wiki: https://github.com/zaproxy/zap-core-help/wiki
Setting up the proxy: https://github.com/zaproxy/zap-core-help/wiki/HelpStartProxies
Juice Shop, an intentionally insecure Web App: http://bkimminich.github.io/juice-shop/#/
Fuzzing data: https://github.com/minimaxir/big-list-of-naughty-strings