The goal of this post is to provide an overview of an awesome OWASP project which is designed to find vulnerabilities in web applications called: Zed Attack Proxy (ZAP). I have known about ZAP for a while but I thought I would do a quick write-up. ZAP was selected as the second top security tool of 2014 by. The project is extremely well documented with a user guide, FAQs, tutorials, etc., all conveniently located on its wiki. Also, since there is already so much professional documentation available for this project, this post will not pay too much attention to its features and functionality, but rather to my experience with the tool and how I got it up and running.

ZAP can run on Windows, Linux, and OS/X, and it can be downloaded from here. I downloaded ZAP on my Ubuntu 13 Desktop instance. Note that Java version 7 is required for both Windows and Linux. Also, ZAP comes included in several security distributions - a list can be found here.

After you have extracted the ZAP_2.3.1_, you just need to run the zap.sh:

Soon after that, the application will auto-start. You may be prompted to generate an SSL certificate - which you will need in order to test secure applications - however, I skipped that initially since you can always come back to it.

The last step in the installation process is similar to Burp and that is to configure your browser to use ZAP as a proxy. The ZAP team has a nice guide here on how to do this for the most common browsers. I set Firefox with ZAP proxy:

After completing the step above, you are done with the installation process and are ready to kick off a scan. Here is how the home page should look.

The first thing I would like to call your attention to before setting up a scan is to please make sure you have explicit permission before you scan any site. It is best to deploy a dummy web application on your local machine and use that to scan and learn.

If you have questions about where to start in ZAP, the perfect place to start would be the awesome user guide that comes with the installation. It can be accessed from Help > OWASP ZAP User Guide:

I believe everything that is found on ZAP's online wiki can be located in this user guide, if not more. I think that is great because as you look through the home page and menu options, it can be a bit overwhelming. But you can find answers to what all of the buttons do from the user guide as well as from here and here.

Going back to the homepage, you will see the following option:

This is probably the best place to start off with your first scan. Alternatively, you could visit your demo site using the browser on which you configured ZAP proxy, and as you navigate through the site, ZAP will begin to populate the structure on the left home-page panel:

After you have the site structure similar to the above, you can take your test in several different directions - most of which can be viewed by simply right-clicking on any of the site's pages:

If you are fairly new to web application security (like I am), chances are that whichever direction you choose to take, you will have questions. Fortunately, there are YouTube videos that you can refer to here. One video in particular that you should check out is this, as it can come in handy when you want ZAP to auto-authenticate to your site's login fields.

This concludes the introduction of a feature-packed tool from a long list of tools that I plan to explore. This already looks to be the best of the bunch. I am really glad that I got the chance to play with this tool and now it is part of my toolkit. Even if you just heard of web application security, and you are looking to try one, this is a must-have for you and it's free! I recommend that you check it out to begin rockin' on your Web Application Security game!

August 1, 2016, Blue Coat, Inc. (K9's parent company) was acquired by Symantec™. As can be imagined, Blue Coat and Symantec had a handful of similar products and unfortunately, it didn't make sense to maintain two competing products. It was decided to "end-of-life" K9 Web Protection.

Effective immediately, K9 Web Protection is no longer available for purchase or download. Technical Support for K9 will end on June 30, 2019.

It is unfortunate to see K9 Web Protection go. I am not aware of alternative free software that provides the same level of protection at a premium quality. However, for those interested in alternatives to K9 Web Protection, I would recommend starting with Quad9 and OpenDNS Home.