401d8 read37 - carlosjorr/reading-notes GitHub Wiki

Automated AppSec with ZAP

What are the three common stages of the Penetration Testing process and what tasks are performed at each one?

Reconnaissance: In this initial stage, the penetration tester gathers information about the target system or network. This involves passive data collection through public sources, like social media and public records, to understand the potential attack surface. The goal is to identify possible entry points and vulnerabilities.

Scanning and Enumeration: During this stage, the penetration tester actively scans the target to identify vulnerabilities, weaknesses, and services that are exposed. This often involves tools like Nmap or vulnerability scanners. The tester aims to create a comprehensive picture of the target's security posture, determining which vulnerabilities could be exploited.

Exploitation and Post-Exploitation: In this phase, the penetration tester attempts to exploit the identified vulnerabilities to gain unauthorized access to the system or network. This could involve using known exploits, brute force attacks, or other methods to breach the target's security. Once access is achieved, the tester aims to escalate privileges, maintain persistence, and gather sensitive information.

Explain a “man-in-the-middle proxy” in non-technical terms.

Imagine you're sending letters to a friend through a postal service, but someone is intercepting and reading your letters before they reach your friend, and may even rewrite them before passing them on. A man-in-the-middle proxy works the same way in the digital world: it is an invisible middleman that sits between your computer and the websites you visit, able to see and modify the information going back and forth, potentially capturing sensitive data like passwords or credit card numbers. ZAP is this kind of proxy, but one the tester deliberately places between their own browser and the application under test, so that every request and response can be inspected, changed, and replayed on purpose.

What are the 2 spiders available for use in ZAP?

Traditional Spider: The traditional spider in ZAP automatically navigates a website by fetching pages, parsing the HTML (and other text content) for links and form targets, and following them. It does not execute JavaScript, which makes it fast and cheap to run, but also means it never sees pages or routes that are created only by client-side code. It is best suited to server-rendered sites whose structure is exposed as ordinary links, and it is good at uncovering hidden or forgotten parts of such a site that might have security vulnerabilities.

Ajax Spider: The Ajax spider is designed for modern web applications that use technologies like AJAX to load content dynamically without refreshing the entire page. It drives a real browser (Firefox, Chrome, or the headless HtmlUnit) and simulates user interactions such as clicking elements, so the JavaScript actually runs and the resulting requests are captured through the proxy. It is slower than the traditional spider but is the right choice for Single Page Applications (SPAs) and other dynamic web interfaces.

What situations are they best suited for?

Both spiders exist to feed ZAP, a popular open-source security tool, with as much of the application as possible so its passive scanner can inspect the traffic and its active scanner has URLs to attack. The traditional spider fits server-rendered sites where the links are in the HTML; the Ajax spider fits SPAs and other JavaScript-heavy front ends where the links only exist once a browser has run the code. Because the two find different parts of an application, a common approach is to run the traditional spider first for speed and then the Ajax spider against the same target, rather than picking one exclusively.
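The following script is an added example, not code from these reading notes or from the ZAP project. It shows the two spider choices above driven through ZAP's JSON API: a small heuristic for deciding whether the landing page looks like an SPA shell (so the Ajax spider is needed), then the start-and-poll workflow for the traditional spider, optionally the Ajax spider, and finally the alerts ZAP's passive scanner raised on whatever the spiders fetched. The ZAP address, API key, target URL and the `anchors < 2` threshold are assumptions for illustration; the endpoint paths and response fields (`scan`, `status`, `alerts`) are those of the ZAP API. The HTTP transport is injectable so the workflow can be exercised without a running ZAP.

```python
"""Run ZAP's traditional and Ajax spiders through the REST API and collect alerts.

Added example; not the reading-notes author's code or ZAP's own client.
Assumed: a ZAP daemon on http://127.0.0.1:8080 started with an API key,
e.g.  zap.sh -daemon -port 8080 -config api.key=change-me
"""
import json
import re
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"   # assumed daemon address
ZAP_KEY = "change-me"           # assumed API key; never commit a real one


def api_url(component, kind, name, **params):
    """Build a ZAP JSON API URL, e.g. /JSON/spider/action/scan/?url=...&apikey=..."""
    query = urllib.parse.urlencode({**params, "apikey": ZAP_KEY})
    return f"{ZAP}/JSON/{component}/{kind}/{name}/?{query}"


def http_get(url):
    """Default transport: GET the URL and parse the JSON body ZAP returns."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def needs_ajax_spider(html):
    """Heuristic: does the landing page look like an SPA shell?

    A server-rendered site exposes its structure as <a href> links the
    traditional spider can follow. An SPA shell is typically an empty mount
    element plus a script bundle and almost no anchors; only the Ajax spider,
    which runs a real browser, reaches the routes the bundle creates.
    The "fewer than 2 anchors" cut-off is an assumed, tunable threshold.
    """
    anchors = len(re.findall(r"<a\s[^>]*href=", html, re.I))
    scripts = len(re.findall(r"<script\b", html, re.I))
    return scripts > 0 and anchors < 2


def crawl(target, use_ajax, get=http_get, poll=2.0):
    """Spider `target`, then return ({risk: count}, raw alert list).

    The traditional spider reports percent complete ("100" when finished);
    the Ajax spider reports "running" or "stopped". Passive-scan alerts
    accumulate as pages are fetched, so they are read after both finish.
    """
    scan_id = get(api_url("spider", "action", "scan", url=target))["scan"]
    while get(api_url("spider", "view", "status", scanId=scan_id))["status"] != "100":
        time.sleep(poll)

    if use_ajax:
        get(api_url("ajaxSpider", "action", "scan", url=target))
        while get(api_url("ajaxSpider", "view", "status"))["status"] != "stopped":
            time.sleep(poll)

    alerts = get(api_url("core", "view", "alerts", baseurl=target))["alerts"]
    summary = {}
    for alert in alerts:
        summary[alert["risk"]] = summary.get(alert["risk"], 0) + 1
    return summary, alerts


if __name__ == "__main__":
    TARGET = "http://localhost:3000/"   # assumed target, e.g. a local test app
    landing = urllib.request.urlopen(TARGET, timeout=30).read().decode("utf-8", "replace")
    summary, alerts = crawl(TARGET, use_ajax=needs_ajax_spider(landing))
    for alert in alerts:
        print(f'{alert["risk"]:7} {alert["alert"]} -> {alert["url"]}')
    print(summary)
```

The active scanner follows the same start-and-poll shape (`ascan/action/scan` returning a `scan` id, then `ascan/view/status` until `"100"`), so it slots in after the spiders once the site map is as complete as both crawlers can make it.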