By the end of this project, you will learn the fundamentals of how to use OWASP Zed Attack Proxy (ZAP). This tool greatly aids security professionals and penetration testers to discover vulnerabilities within web applications. You will learn how to perform a basic web app vulnerability scan, analyze the results, and generate a report of those results. This course includes steps on how to configure the browser proxy to passively scan web requests and responses by simply exploring websites. This course will also include how to use dictionary lists to find files and folders on a web server, and how to spider crawl websites to find all the links and URLs. Finally, the end of the course gives a brief overview of how to intercept, view, modify, and forward web requests that occur between the browser and web application.
Web Application Security Testing with OWASP ZAP
Instructor: Alex Carraway
Access provided by New York State Department of Labor
9,063 already enrolled
(286 reviews)
Recommended experience
What you'll learn
Scan websites for vulnerabilities
Setup and use OWASP ZAP Proxy
Use a dictionary list to find files and folders and spider crawl to find links and URLs
Skills you'll practice
Details to know
Add to your LinkedIn profile
Only available on desktop
See how employees at top companies are mastering in-demand skills
Learn, practice, and apply job-ready skills in less than 2 hours
- Receive training from industry experts
- Gain hands-on experience solving real-world job tasks
- Build confidence using the latest tools and technologies
About this Guided Project
Learn step-by-step
In a video that plays in a split-screen with your work area, your instructor will walk you through these steps:
Introduction and Overview of OWASP ZAP (2 min)
OWASP ZAP Layout and First Scan (4 min)
Analyzing the OWASP ZAP Scan Results and Generating a Report (4 min)
Setting up FoxyProxy in Firefox to use OWASP ZAP as a Proxy (7 min)
Finding Files and Folders Using a Dictionary List within OWASP ZAP (4 min)
Use OWASP ZAP to Spider Crawl a website to find URLs and Links (4 min)
Use OWASP to View and Alter Requests (8 min)
Recommended experience
Mid-level experience with web application security, and a fundamental knowledge of web application attack types and terminology is recommended.
7 project images
Instructor
Offered by
How you'll learn
Skill-based, hands-on learning
Practice new skills by completing job-related tasks.
Expert guidance
Follow along with pre-recorded videos from experts using a unique side-by-side interface.
No downloads or installation required
Access the tools and resources you need in a pre-configured cloud workspace.
Available only on desktop
This Guided Project is designed for laptops or desktop computers with a reliable Internet connection, not mobile devices.
Why people choose Coursera for their career
Learner reviews
286 reviews
- 5 stars
54.54%
- 4 stars
26.92%
- 3 stars
11.88%
- 2 stars
2.79%
- 1 star
3.84%
Showing 3 of 286
Reviewed on May 13, 2022
Explore me more to acquire entirely different knowledge of what I thought I know
Reviewed on Feb 27, 2022
It is a very good lecture for beginner!! I highly recommend this course.
Reviewed on Jul 14, 2020
The information is very helpful. I got basic knowledge to continue learning OWASP ZAP.
You might also like
Open new doors with Coursera Plus
Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
