401 Class 37: Automated AppSec with ZAP - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading Getting Started with Zed Attack Proxy

What are the three common stages of the Penetration Testing process and what tasks are performed at each one?

  1. Preparation and setup
  • Familiarizing yourself with ZAP and the other tools that will be used.
  2. Active scanning and exploration
  • Engaging with the advanced features of ZAP.
  3. Analysis and reporting
  • Analyzing the results of both manual and automated tests.

What are the 2 spiders available for use in ZAP?

  • The two spiders available for use in ZAP are the Traditional Spider and the AJAX Spider. These tools are designed to automatically crawl a web application to discover its content and structure, with each spider having its own approach and capabilities suited to different types of web applications.

Explain a “man-in-the-middle proxy” in non-technical terms.

  • Imagine you're the user's web browser, your friend is the web application you're trying to communicate with, and the trusted messenger is the man-in-the-middle proxy. When you use such a proxy for security testing, it acts as an intermediary that intercepts all the messages (data) sent between you and the web application. This allows the proxy to examine the contents for security issues, like looking for secret codes or vulnerabilities that hackers might exploit, and then it forwards the data along so the conversation can continue as if uninterrupted.

What situations are they best suited for?

  1. Security Testing and Vulnerability Assessment
  2. Learning and Education
  3. Exploring Web Applications
  4. Interception and Analysis of HTTP(S) traffic

Bookmark and Review

Python Tools for Cyber