Application security testing with ZAP in a Docker container

Dynamic Duo

Doomed!

I hope you've enjoyed taking a very quick look at SQLi with the use of Docker containers. More to the point, however, I hope you're now sufficiently frightened of the freely available tools that anyone can get their hands on to put your own application through its paces.

Within the right laboratory environment (a reminder that ZAP can attack and potentially break an application) these portable containers are an excellent way of checking that you've ticked lots of security checkboxes while developing your software.

I've only looked at a tiny corner of ZAP's functionality, and I'd encourage everyone to get their hands dirtier and learn more about defending against these offensive security testing tools.

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.
