Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0
I was really impressed by Kelsey Hightower's "Learn Kubernetes the Hard Way". I really wanted to come up with something as simple and effective as that for one of my favorite DAST tools, OWASP ZAP. Instead of making presentations that tend to be theoretical, rather boring and difficult to version manage and control, I decided to go the IPython Notebook route, where this could be an interactive experience and a running tutorial of sorts.
The idea is to have a running interactive, totally hands-on, no-Death-by-PowerPoint :) training on OWASP ZAP Automation and Scripting.
Please feel free to reach out for comments/requests on:
- Clone the repository:
    git clone https://github.com/we45/ZAP-Mini-Workshop
- Install virtualenv (instructions here).
- Change into the repository directory:
    cd ZAP-Mini-Workshop
- Create the virtual environment:
    virtualenv zap
- Activate it:
    source zap/bin/activate
- Install the requirements, depending on how you are managing Python versions on your machine:
    pip install -r requirements.txt
  or
    pip3 install -r requirements.txt
- Start Jupyter:
    jupyter notebook
  This should start the notebook and your default browser should automatically redirect you to the IPython Notebook.
- Open OWASP ZAP API Mini Workshop.ipynb, by clicking on it.
- Install Docker if not already installed on your laptop. Pull image with this command:
    docker pull abhaybhargav/vul_flask
- Run the image:
    docker run -p 5050:5050 abhaybhargav/vul_flask
  You can add the -d optionally to run it as a detached process.
- For the ZAP Sessions notebook, open ZAP Sessions.ipynb, by clicking on it.

nbstripout library for Output reduction