The Zed Attack Proxy (ZAP) is one of the world’s most popular web application security testing tools. It's an open source project maintained by OWASP, the Open Web Application Security Project, a vendor-neutral, non-profit group of volunteers dedicated to making web applications more secure. At the Frederick Open Source (FOS) meeting in June 2020, Caleb described how to use ZAP, which can perform fuzzing, scripting, spidering, and proxying in order to test web apps against attack. This session shows how OWASP ZAP can help you automatically find web security vulnerabilities while you are developing and testing your applications.

Administrative note: Although the audio for this session was intermittent at points, it is possible to follow the gist of the topic discussion. Caleb, the presenter, offered to follow up on any questions you may have about OWASP ZAP. A separate recording glitch caused the loss of all audio at the very beginning (thus there's music fill for the first couple of minutes so you won't think the problem is at your end); fortunately very little information is lost, as the spoken discussion covered the titles and text that are displayed during that segment. The participants got a lot out of this session, and it's likely you will too.