Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson is about the ZAP attack proxy. Using an application, participants receive step-by-step instructions on how to spider a web page and then look at everything it has found. The ZAP attack proxy is able to attack any vulnerability that is present.

Video Transcription

00:04
Next, we're gonna check out the ZAP attack proxy. You're gonna come over here in our environment,
00:10
click Applications, Web Application Analysis,
00:14
and then we're gonna go and click the OWASP ZAP.
00:21
All right.
00:22
The ZAP attack proxy has launched.
00:28
We're gonna come over here to URL to attack. We're going to type 192.168.0.11
00:35
or whatever you have it set up as for yourself, and you're gonna click Attack.
00:41
Now it's gonna go through. It's gonna spider this entire web page for you here.
00:46
I'm gonna be able to scroll down and look at everything that it's found.
00:53
You could sit here on the spider and view pages that you might have missed,
00:58
uh, can come in very handy.
01:02
And if we come over to the active scan, it is now actively performing
01:07
Uh, scans against
01:10
this web application
01:11
Now,
01:12
ZAP attack proxy
01:15
will launch scans against
01:18
every kind of vulnerability that is present.
01:42
If you want to
01:44
change any kind of scan policy here, if you want to modify your scan policy
01:51
because it's being a bit too harsh,
01:53
you can come in here
01:56
and do things to the scan policy.
02:00
Um,
02:04
such as turning different things off,
02:07
turn off the strength of different things.
02:10
Uh,
02:13
to better
02:15
tailor your attacks.
02:16
That is especially helpful if you want to do something, like
02:21
just check for SQL injection.
02:25
Um,
02:27
you can come here and
02:30
beef it up if you wanted to, and turn everything else off
02:34
and
02:36
this will help you identify, you know,
02:42
just SQL injection. And if something is to fail,
02:46
you know, you don't want to do scans with
02:49
vulnerability scanners
02:51
with everything firing off at once because you can crash a server that way.
02:57
So you already used ZAP attack proxy.
03:00
You should go through
03:01
and turn all of these off
03:06
and really just use the one
03:09
scan that you want.
03:14
So if you come over here,
03:15
you see that SQL injections have been found.
03:20
Come over here and click on the item,
03:23
and it will give us the URL, give us the attack that it used, and give us some
03:30
information here,
03:31
such as a description of it,
03:35
some solutions for it and some references.
03:39
So ZAP attack proxy is another powerful free tool for you to use, and I highly suggest using it. It comes pre-built in with a whole bunch of other different tools in here. They're really, really great to use, so I highly suggest checking it out.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor