Web Attacks: Automated Scanning with OWASP Zap
In this lab, you'll practice automated scanning strategies using OWASP ZAP. When you're finished with this lab, you'll have the necessary knowledge to scan web applications for vulnerabilities using OWASP ZAP.
Terms and conditions apply.
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge
Spidering a Web Application
In this challenge, you will familiarize yourself with OWASP ZAP GUI, and you will run a spider scan against a target application.
Challenge
Fuzzing a Web Application
In this challenge, you will launch a Fuzz attack to brute force the username/password combination for the target website.
Challenge
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- .