Portswigger’s Burpsuite has become the tool of choice for web application penetration testers. OWASP’s Zed Attack Proxy (ZAP) not only fights in the same weight class but also serves as the formative web security testing system for many of those new to the field. For organizations seeking to replicate the results of a test, ZAP is as compelling as it is both capable and free.
For pathfinders, blazing a trail and guiding wayfarers are opposite sides of the same coin. As guides pledged to the information security journeys of those with whom we partner, we may need to coach and teach. If we blazed the trail with Burpsuite, we may still need to guide replication efforts with ZAP. This webcast discusses and demonstrates several common web application attack tactics and implements each in both Burpsuite and ZAP. Join John, Matt and other testers as we close out 2017! It’s the Christmas party of our webcasts!
Slides available here: https://www.dropbox.com/s/tztogq6oj8t2qbl/Zap-Burp-slides.pptx?dl=0