Cover
Title Page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Chapter 1: Getting Started with OWASP Zed Attack Proxy
Downloading ZAP
Getting ready
How to do it...
Installing Docker
See also
Setting up the testing environment
Getting ready
How to do it...
How it works...
There's more...
Setting up a browser proxy and certificate
Getting ready
How to do it...
How it works...
Testing the ZAP setup
Getting ready
How to do it...
How it works...
Chapter 2: Navigating the UI
Technical requirements
Persisting a session
Getting ready
How to do it...
How it works...
Menu bar
Getting ready
How to do it...
How it works...
There's more...
Toolbar
Getting ready
How to do it...
How it works...
See also
The tree window
Getting ready
How to do it...
How it works...
Workspace window
Getting ready
How to do it...
How it works...
Information window
Getting ready
How to do it...
How it works...
There's more...
Footer
Getting ready
How to do it...
How it works...
Encode/Decode/Hash dialog
Getting ready
How to do it...
How it works...
See also
Fuzzing with Fuzzer
Getting ready
How to do it...
How it works...
There's more...
See also
Chapter 3: Configuring, Crawling, Scanning, and Reporting
Technical requirements
Setting scope in ZAP
Getting ready
How to do it...
How it works...
Crawling with the Spider
Getting ready
How to do it...
How it works...
Crawling with the AJAX Spider
Getting ready
How to do it...
How it works...
There's more...
See also
Scanning a web app passively
Getting ready
How to do it...
How it works...
There's more...
See also
Scanning a web app actively
Getting ready
How to do it...
How it works...
There's more...
See also
Generating a report
Getting ready
How to do it...
How it works...
See also
Chapter 4: Authentication and Authorization Testing
Technical requirements
Testing for Bypassing Authentication
Getting ready
How to do it...
How it works...
Testing for Credentials Transported over an Encrypted Channel
Getting ready
How to do it...
How it works...
Testing for Default Credentials
Getting ready
How to do it...
How it works...
There's more...
See also
Testing Directory Traversal File Include
Getting ready
How to do it...
How it works...
See also
Testing for Privilege Escalation and Bypassing Authorization Schema
Getting ready
How to do it...
How it works...
Testing for Insecure Direct Object References
Getting ready
How to do it...
How it works...
There's more...
Chapter 5: Testing of Session Management
Technical requirements
Mutillidae setup
Testing for cookie attributes
Getting ready
How to do it...
How it works...
Testing for cross-site request forgery (CSRF)
Getting ready