Application security testing with ZAP in a Docker container
Dynamic Duo
Doomed!
I hope you've enjoyed taking a very quick look at SQLi with the use of Docker containers. More to the point, however, I hope you're now sufficiently frightened of the freely available tools that anyone can get their hands on to put your application through its paces.
Within the right laboratory environment (a reminder that ZAP can attack and potentially break an application) these portable containers are an excellent way of checking that you've ticked lots of security checkboxes while developing your software.
I've only looked at a tiny corner of ZAP's functionality, and I'd encourage everyone to get their hands dirtier and learn more about defending against these offensive security testing tools.
Infos
- OWASP Top 10: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- Mutillidae: https://github.com/webpwnized/mutillidae
- WebGoat: https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
- nowasp Dockerfile: https://hub.docker.com/r/citizenstig/nowasp/~/dockerfile
- Change password for nowasp: https://hub.docker.com/r/citizenstig/nowasp
- "ZAP provides automated security tests in continuous integration pipelines" by Chris Binnie, ADMIN, issue 41, 2017, p. 58, http://www.admin-magazine.com/Archive/2017/41/ZAP-provides-automated-security-tests-in-continuous-integration-pipelines
- OWASP ZAP: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project