PenTesting with OWASP ZAP: Mastery course

Master Security Testing with OWASP ZAP | Pentest web applications effectively

Rating: 4.00 (326 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 2,302
Content: 7 hours
Last update: May 2020
Regular price: $49.99

What you will learn

ZAP tool mastery for security testing

Penetration testing web applications

Uncover hidden bugs and vulnerabilities

Use ZAP and burp suite at the same time

Invoke hacking applications in ZAP

Know the hidden power of ZAP to assess web applications

Use ZAP for Bug bounty hunting

Use SQLmap, Nmap, Nikto and all tools in kali linux with and in ZAP UI simultaneously

Why take this course?

[+] Course at a glance

Welcome to this course, "PenTesting with OWASP ZAP", a fine-grained course that enables you to test web applications with ZAP: automated testing, manual testing, fuzzing web applications, bug hunting and complete web assessments. It focuses on ease of use and on the special abilities ZAP brings to web applications where most tools leave critical vulnerabilities unnoticed or untouched; there ZAP comes to the rescue and finds what other tools cannot.

"This course is completely focused over pen testing web applications with ZAP"

ZAP is a fine-grained tool that every penetration tester, hacker and developer must have in their arsenal, and it therefore requires a solid understanding and thorough training to perform security testing from its core. ZAP can work with and integrate with many tools in the hacking and penetration testing segment, such as SQLmap, Nmap, Burp Suite, Nikto and every tool inside Kali Linux. Invoking Burp gives much flexibility to combine the power of ZAP and Burp Suite at the same time and in complete order.

[+] Some special features of the ZAP

  • Quick start using “point and shoot”

  • Intercepting proxy with linked browser

  • Proxying through ZAP, then scanning

  • Manual testing with automated testing

  • ZAP HUD mode, to test apps and attack in a single page

  • Attack modes for different use cases

  • Active scanning with passive scanning

  • Requester for Manual testing

  • Plug-n-hack support

  • Can be easily integrated into CI/CD

  • Powerful REST based API

  • Traditional and AJAX spiders

  • Support for a wide range of scripting languages

  • Smart card support

  • Port scanning

  • Parameter analysis

  • Invoking and using other apps, e.g. Burp Suite

  • Session management

  • Anti-CSRF token handling

  • Dynamic SSL certificates support

And much more...

[+] Course materials

  • Offline access to read PDF slides

  • 8+ hours of video lessons

  • Self-paced HTML/Flash

  • Access from PC, tablets and smartphones

  • PDF slides

[+] Below are the vulnerabilities that ZAP tests for against a web application and web server to hunt for loopholes

Path Traversal, Remote File Inclusion, Source Code Disclosure - /WEB-INF folder, Server Side Include, Cross Site Scripting (Reflected)

Cross Site Scripting (Persistent) - Prime, Cross Site Scripting (Persistent) - Spider, Cross Site Scripting (Persistent), SQL Injection

Server Side Code Injection, Remote OS Command Injection, Directory Browsing, External Redirect, Buffer Overflow Medium

Format String Error, CRLF Injection Medium, Parameter Tampering, Script Active Scan Rules, Remote Code Execution - Shell Shock

Anti CSRF Tokens Scanner, Heartbleed OpenSSL Vulnerability, Cross-Domain Misconfiguration, Source Code Disclosure - CVE-2012-1823

Remote Code Execution - CVE-2012-1823, Session Fixation, SQL Injection - MySQL, SQL Injection - Hypersonic SQL, SQL Injection - Oracle

SQL Injection - PostgreSQL, Advanced SQL Injection, XPath Injection, XML External Entity Attack, Generic Padding Oracle

Expression Language Injection, Source Code Disclosure - SVN, Backup File Disclosure, Integer Overflow Error, Insecure HTTP Method

HTTP Parameter Pollution scanner, Possible Username Enumeration, Source Code Disclosure - Git, Source Code Disclosure - File Inclusion

Httpoxy - Proxy Header Misuse, LDAP Injection, SQL Injection - SQLite, Cross Site Scripting (DOM Based), SQL Injection - MsSQL

Example Active Scanner: Denial of Service, An example active scan rule which loads data from a file, Cloud Metadata Potentially Exposed

Relative Path Confusion, Apache Range Header DoS, User Agent Fuzzer, HTTP Only Site, Proxy Disclosure, ELMAH Information Leak

Trace.axd Information, .htaccess Information, .env Information Leak, XSLT Injection.


Reviews

Shane
June 6, 2023
Your videos are not tutorials, unfortunately. They are just videos about what features are available in ZAP. Which is good to know. But it is not properly taught, in my opinion. You can find better tutorials on YouTube. E.g., I had great expectations of the scripting video, which is hard to find on YouTube though. I think you need to change the title of the course to "ZAP overview". Mastery is quite misleading here. That's why many people felt they fell into a trap.

Francisco
May 26, 2023
Far below my expectations. When I saw that the course had a good score I decided to pay for the course. Once I finished it, I didn't get anything interesting, only a little better knowledge of the interface. Much of the time is spent reading configuration that can be read without the video. It is very disorganized, 30-minute videos where the same video talks about totally different topics. In addition, despite dealing with basic concepts, it is very difficult to understand because of the way it is explained. I do not recommend it.

Fabio
January 19, 2023
Very good content. It shows how to navigate and understand the interface, as well as some tips to make better use of the tool.

Dipak
October 11, 2022
Very difficult to understand. The knowledge level seems to be very low. This course is not even meant to give basic knowledge, forget about mastery.

Pramit
October 3, 2022
Great learning material. I haven't covered the full course yet, but still I can tell that detailed information is provided in each section. It is way better to have a unified learning resource on ZAP than to randomly search the internet, which is full of info on commercial alternatives but not so much on this tool.

Mariam
August 14, 2022
The course is more about how to use the tool and not how to analyze the results. Some lectures have background music which makes me lose focus. I am not able to catch the differences between different features of the tool such as fuzzers/active scan. No live example of when to use what.

Dhimant
July 24, 2022
Explaining security with real site examples will help more, rather than explaining features first, as we can forget the features without any context.

Karen
July 20, 2022
Visual presentation is not that helpful. Need to rely on the instructor's voice/narration most of the time.

Bill
July 18, 2022
I am having a hard time understanding the instructor. It does not look like the closed captions are accurate either.

Johan
June 4, 2022
I learned many tricks that I didn't know initially through this course. A must-go course for those who would like to know more about ZAP.

Cheyenne
January 12, 2022
I needed a quick recap on ZAP. I got more than I expected. By reading books it is simply not possible to gain equivalent skills with this tool in such a short time frame. This course is highly recommended.

Vanderbeck
September 10, 2021
I was expecting a whole penetration test session on one site. This presentation could have one more lesson.

M
February 3, 2021
Hello, I wanted to say thank you for this excellent tutorial. There are not many tutorials on the internet on ZAP as well explained and as complete as yours. Thank you very much.

Owcomir
December 31, 2020
Very detailed course. It made the start with ZAP a lot easier. That dock bar from Mac OS could be switched off; it is obsolete there :)

Roman
December 11, 2020
It was a little boring section without a defined introduction. It will be good to have a list of features/options that will be covered during this 1st part, some basic steps.... Jumping from one section to another in the menu and settings confused me a little. Also, it is not a bad idea to have an offline doc which can help to assume what was done and where it is possible to find basic answers regarding downloading/configuring OWASP ZAP. After completing section 11 I'm still waiting for the Quiz :) The theoretical part is really cool, but in my case it will be more interesting to pass or fail the test.

Charts

Price chart, ratings chart and enrollment distribution chart for "PenTesting with OWASP ZAP: Mastery course" (chart images not included in this text).
Udemy ID: 2737914
Course created date: 1/4/2020
Course indexed date: 2/7/2020
Course submitted by: Bot