This post is more of a note to myself so I can remember the name of this tool and how to configure it. The OWASP Zed Attack Proxy (ZAP) can crawl a site and test it against the current OWASP Top 10.
How to get started
- Start the proxy and start a new session.
- By default the proxy listens on localhost:8080.
- Configure a browser to use localhost:8080 as its HTTP proxy.
- Browse to the site to be tested and sign in through that browser, so the proxy sees the authenticated session.
- Go back to the proxy; the site should now appear in the tree on the left. Right-click it and choose Include in Context > Default Context.
- Now you can start a Spider crawl attack against the site.
Here is a video that shows how to get started with the OWASP ZAP proxy.
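The same steps driven through ZAP's local JSON API instead of the GUI, as an added example (not code from the original post). It assumes ZAP is running on localhost:8080 with an API key configured under Options > API; the `spider_site` helper and the injectable `fetch` parameter are this example's own names.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Added example: include the site in the Default Context and run the Spider
# through ZAP's API, the same workflow as the right-click steps in the GUI.
ZAP_BASE = "http://localhost:8080"          # ZAP's default listener
ZAP_API_KEY = "<your-api-key>"              # placeholder: copy from Options > API


def zap_url(component, kind, name, **params):
    """Build a ZAP JSON API URL, e.g. /JSON/spider/action/scan/?url=..."""
    query = urlencode({k: v for k, v in params.items() if v is not None})
    return f"{ZAP_BASE}/JSON/{component}/{kind}/{name}/?{query}"


def zap_call(url, fetch=None):
    """GET a ZAP API URL and decode the JSON reply; `fetch` is injectable for tests."""
    if fetch is None:
        def fetch(u):
            req = Request(u, headers={"X-ZAP-API-Key": ZAP_API_KEY})
            with urlopen(req, timeout=30) as resp:
                return resp.read().decode()
    return json.loads(fetch(url))


def spider_site(target, context="Default Context", fetch=None, poll=1.0):
    """Scope `target` into `context`, spider it, and return the crawled URLs."""
    # Equivalent of Include in Context > Default Context. The value is a regex,
    # so the dots in the hostname match any character; fine for crawl scope.
    zap_call(zap_url("context", "action", "includeInContext",
                     contextName=context, regex=target.rstrip("/") + ".*"), fetch)
    # Start the Spider and remember its scan id.
    scan = zap_call(zap_url("spider", "action", "scan",
                            url=target, contextName=context), fetch)["scan"]
    # Poll until the Spider reports 100% complete.
    while int(zap_call(zap_url("spider", "view", "status", scanId=scan),
                       fetch)["status"]) < 100:
        time.sleep(poll)
    return zap_call(zap_url("spider", "view", "results", scanId=scan), fetch)["results"]
```

Run it with `spider_site("http://example.test/")` once ZAP is up; the returned list is the same set of URLs the Spider tab shows in the GUI.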