Demo: OWASP ZAP - Burp Suite Tutorial

- [Instructor] In order to use OWA ZAP, you're going to have to download a copy to your local machine and you can do so from zaproxy.org. If you scroll down to the Download Now section, you'll see there are plenty of options available depending on your operating system and your test lab environment. But we're also going to need a web application to test, which is where we're going to turn to the OWASP Vulnerable Web Applications directory. If you go to this resource, you've got a number of apps deliberately vulnerable by design that are built and maintained for testers like you and me. We've got mobile apps, offline apps, but you're more interested in the Online application. We're going to point ZAP to an online vulnerable web app to see what we can find. And the one that I'd like you to start with is the OWASP Juice Shop. This is an app that OWASP has built and maintains here to do exactly what we're doing today. Go through…