Difference between revisions of "Episode325"

From Security Weekly Wiki
Jump to navigationJump to search
Line 29: Line 29:
 
Simon talks [http://owasp.blogspot.co.uk/2013/01/owasp-zed-attack-proxy-v-200.html OWASP Zed Attack Proxy v 2.0.0]
 
Simon talks [http://owasp.blogspot.co.uk/2013/01/owasp-zed-attack-proxy-v-200.html OWASP Zed Attack Proxy v 2.0.0]
  
1. What is the Zed Attack Proxy (ZAP)?
+
#What is the Zed Attack Proxy (ZAP)?
2. How is it maintained?
+
#How is it maintained?
3. How is it different from other proxies, like Burp?
+
#How is it different from other proxies, like Burp?
4. Where do you see ZAP going in the future?
+
#Where do you see ZAP going in the future?
5. What are ZAP's strengths and limitations?
+
#What are ZAP's strengths and limitations?
6. Are you working on any other OWASP projects?
+
#Are you working on any other OWASP projects?
  
 
= Announcement =  
 
= Announcement =  

Revision as of 12:25, 28 March 2013


Episode Media

Episode 322

MP3

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 325 for Thursday March 28th, 2013

  • Register for "Offensive Countermeasures: The Art Of Active Defense": SANSFIRE Washington, DC June 15-16th with John Strand
  • Come to Security BSides Rhode Island One-Day Conference on June 15th tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright , Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray,Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Thursday nights at 8:30PM EST. Come have a cigar with us!

Guest Technical Segment: Simon Bennetts on OWASP Zed Attack Proxy v 2.0.0

Simon is a Mozilla Security Automation Engineer and ZAP Project Leader. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project.

From the OWASP site:

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Simon talks OWASP Zed Attack Proxy v 2.0.0

  1. What is the Zed Attack Proxy (ZAP)?
  2. How is it maintained?
  3. How is it different from other proxies, like Burp?
  4. Where do you see ZAP going in the future?
  5. What are ZAP's strengths and limitations?
  6. Are you working on any other OWASP projects?

Announcement

  • We are in the process of archiving and cataloging our technical segments, please visit the PaulDotCom Technical Library and we indexed all of the interviews we have conducted. We are also working on updating all of the articles, so check the newsletter or if you want to help in exchange for some free guidance and security training please email me.
  • Larry teaching SANS SEC617 all over and coming to a city near you in 2013. It isn't too Late to sign up for my class in San Diego this May!

Stories

Paul's Stories

Larry's Stories

Jack's Stories

Allison's Stuff