A tool which will automate the crawling of AJAX applications. It can be daisy-chained with other proxies (like ZAP or Burp) to allow the functionality of those tools to be used on aspects of a web app that traditional spidering tools will miss.
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Download Zed Attack Proxy (ZAP) and install it.
- Run Zed Attack Proxy (ZAP)
- Go to Tools -> Options -> Connections, and set proxy settings to match your browser proxy settings (and proxy exclusions)
- Go to Tools -> Options -> Local proxy and enter localhost (port: 85).
- In your browser of choice, set proxy in LAN settings to localhost (port: 85), and clear the proxy exclusions list.
- Access a test site URL to verify that all settings were applied correctly (the Zed Attack Proxy “Sites” window should populate with all URLs visited).
- If the site requires Authentication, go to Tools -> Options -> Authentication, and add details in the table.
- Run Active Scan on root URL (Click Active Scan tab, and select URL from dropdown if not already selected).
- Click Report -> Generate HTML report, to view issues found.
- Run Spider test, which will pick up on 404 errors, missing URL references, and help you identify redundant file calls.
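The same sequence can be driven through ZAP's REST API instead of the GUI. The script below is an added example, not code from the original post or from the ZAP project; it assumes ZAP is listening on localhost:85 as configured above, that an API key has been set under Tools -> Options -> API (ZAP_API_KEY is a placeholder), and it runs the Spider before the Active Scan so the scanner has the crawled URLs to work with.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP_BASE = "http://localhost:85"        # local proxy address chosen in the steps above
ZAP_API_KEY = "REPLACE-WITH-YOUR-KEY"   # placeholder; copy the key from Tools -> Options -> API


def api_url(fmt, component, op_type, op, **params):
    """Compose a ZAP API URL, e.g. /JSON/spider/action/scan/?url=...&apikey=..."""
    params["apikey"] = ZAP_API_KEY
    return f"{ZAP_BASE}/{fmt}/{component}/{op_type}/{op}/?{urllib.parse.urlencode(params)}"


def http_get(url):
    """Default transport: a plain GET against the ZAP API on localhost."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


def wait_until_complete(status_url, fetch, poll_seconds):
    """Poll a ZAP .../view/status/ endpoint until it reports 100 percent."""
    while True:
        status = int(json.loads(fetch(status_url))["status"])
        if status >= 100:
            return
        time.sleep(poll_seconds)


def spider_then_active_scan(target, fetch=http_get, poll_seconds=2.0):
    """Spider the target, active-scan it, then fetch the HTML report.

    Returns (spider_id, active_scan_id, report_bytes). `fetch` is injectable so
    the workflow can be exercised offline against a fake ZAP.
    """
    spider_id = json.loads(fetch(api_url("JSON", "spider", "action", "scan", url=target)))["scan"]
    wait_until_complete(api_url("JSON", "spider", "view", "status", scanId=spider_id),
                        fetch, poll_seconds)
    ascan_id = json.loads(fetch(api_url("JSON", "ascan", "action", "scan", url=target)))["scan"]
    wait_until_complete(api_url("JSON", "ascan", "view", "status", scanId=ascan_id),
                        fetch, poll_seconds)
    report = fetch(api_url("OTHER", "core", "other", "htmlreport"))
    return spider_id, ascan_id, report
```

Write the returned report bytes to a file to get the same HTML report the Report menu produces.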
The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
OWASP ZAP is a useful website security testing tool that any web-savvy tester could use effectively. Apart from the annoyingly vague setup (ensure your first task is to set up your browser to use the same proxy as defined in ZAP), there are useful tools that you can start at a click. I ran the “Active Scan” option, just to see what this could do out of the box. I would recommend “Passive Scan” really, as this is far safer to use (remember to try and use this tool only on test sites, as it does have the potential to crash websites).
Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets.
Impressive – firstly, I was surprised by how much of a site directory is viewable – when using CMSs like Drupal or WordPress, a lot of assumptions are made about security. The number of updates to these CMSs purely for security issues should highlight the need to keep a handle on your website security in general. Click more to view the reports I generated, as they illustrate what this tool is capable of.