By the end of this project, you will learn the fundamentals of how to use OWASP Zed Attack Proxy (ZAP). This tool greatly aids security professionals and penetration testers to discover vulnerabilities within web applications. You will learn how to perform a basic web app vulnerability scan, analyze the results, and generate a report of those results. This course includes steps on how to configure the browser proxy to passively scan web requests and responses by simply exploring websites. This course will also include how to use dictionary lists to find files and folders on a web server, and how to spider crawl websites to find all the links and URLs. Finally, the end of the course gives a brief overview of how to intercept, view, modify, and forward web requests that occur between the browser and web application.



Web Application Security Testing with OWASP ZAP

Instructor: Alex Carraway
Access provided by McKinsey
9,595 already enrolled
(288 reviews)
Recommended experience
What you'll learn
- Scan websites for vulnerabilities 
- Setup and use OWASP ZAP Proxy 
- Use a dictionary list to find files and folders and spider crawl to find links and URLs 
Skills you'll practice
Details to know

Add to your LinkedIn profile
Only available on desktop
See how employees at top companies are mastering in-demand skills

Learn, practice, and apply job-ready skills in less than 2 hours
- Receive training from industry experts
- Gain hands-on experience solving real-world job tasks
- Build confidence using the latest tools and technologies

About this Guided Project
Learn step-by-step
In a video that plays in a split-screen with your work area, your instructor will walk you through these steps:
- Introduction and Overview of OWASP ZAP (2 min) 
- OWASP ZAP Layout and First Scan (4 min) 
- Analyzing the OWASP ZAP Scan Results and Generating a Report (4 min) 
- Setting up FoxyProxy in Firefox to use OWASP ZAP as a Proxy (7 min) 
- Finding Files and Folders Using a Dictionary List within OWASP ZAP (4 min) 
- Use OWASP ZAP to Spider Crawl a website to find URLs and Links (4 min) 
- Use OWASP to View and Alter Requests (8 min) 
Recommended experience
Mid-level experience with web application security, and a fundamental knowledge of web application attack types and terminology is recommended.
7 project images
Instructor

Offered by
How you'll learn
- Skill-based, hands-on learning - Practice new skills by completing job-related tasks. 
- Expert guidance - Follow along with pre-recorded videos from experts using a unique side-by-side interface. 
- No downloads or installation required - Access the tools and resources you need in a pre-configured cloud workspace. 
- Available only on desktop - This Guided Project is designed for laptops or desktop computers with a reliable Internet connection, not mobile devices. 
Why people choose Coursera for their career




Learner reviews
288 reviews
- 5 stars54.86% 
- 4 stars26.73% 
- 3 stars11.80% 
- 2 stars2.77% 
- 1 star3.81% 
Showing 3 of 288
Reviewed on Feb 26, 2022
It is a very good lecture for beginner!! I highly recommend this course.
Reviewed on Jun 29, 2020
The course I believe was a bit easy and not intermediate plus Rhyme refused connections to the mutilliadae server
Reviewed on Mar 20, 2023
Leaned so much and I feel like it comes to me Very Comfortable





