By the end of this project, you will have learned the fundamentals of using OWASP Zed Attack Proxy (ZAP), a tool that helps security professionals and penetration testers discover vulnerabilities in web applications. You will learn how to perform a basic web app vulnerability scan, analyze the results, and generate a report of those results. The course covers how to configure the browser proxy so that ZAP passively scans web requests and responses while you simply explore websites. It also covers how to use dictionary lists to find files and folders on a web server, and how to spider crawl websites to find all the links and URLs. Finally, the course ends with a brief overview of how to intercept, view, modify, and forward web requests that pass between the browser and the web application.
Web Application Security Testing with OWASP ZAP
Instructor: Alex Carraway
8,105 already enrolled
(278 reviews)
What you'll learn
Scan websites for vulnerabilities
Set up and use OWASP ZAP Proxy
Use a dictionary list to find files and folders and spider crawl to find links and URLs
Learn, practice, and apply job-ready skills in less than 2 hours
- Receive training from industry experts
- Gain hands-on experience solving real-world job tasks
- Build confidence using the latest tools and technologies
About this Guided Project
Learn step-by-step
In a video that plays in a split-screen with your work area, your instructor will walk you through these steps:
Introduction and Overview of OWASP ZAP (2 min)
OWASP ZAP Layout and First Scan (4 min)
Analyzing the OWASP ZAP Scan Results and Generating a Report (4 min)
Setting up FoxyProxy in Firefox to use OWASP ZAP as a Proxy (7 min)
Finding Files and Folders Using a Dictionary List within OWASP ZAP (4 min)
Use OWASP ZAP to Spider Crawl a website to find URLs and Links (4 min)
Use OWASP to View and Alter Requests (8 min)
Recommended experience
Mid-level experience with web application security and a fundamental knowledge of web application attack types and terminology are recommended.
How you'll learn
Skill-based, hands-on learning
Practice new skills by completing job-related tasks.
Expert guidance
Follow along with pre-recorded videos from experts using a unique side-by-side interface.
No downloads or installation required
Access the tools and resources you need in a pre-configured cloud workspace.
Available only on desktop
This Guided Project is designed for laptops or desktop computers with a reliable Internet connection, not mobile devices.
Learner reviews
278 reviews
- 5 stars: 53.59%
- 4 stars: 27.69%
- 3 stars: 12.23%
- 2 stars: 2.51%
- 1 star: 3.95%
Frequently asked questions
By purchasing a Guided Project, you'll get everything you need to complete the Guided Project including access to a cloud desktop workspace through your web browser that contains the files and software you need to get started, plus step-by-step video instruction from a subject matter expert.
Because your workspace contains a cloud desktop that is sized for a laptop or desktop computer, Guided Projects are not available on your mobile device.
Guided Project instructors are subject matter experts who have experience in the skill, tool or domain of their project and are passionate about sharing their knowledge to impact millions of learners around the world.