From 835c2203cc3a5c588c40bc062111b81ebb6c396b Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 26 Mar 2018 19:42:40 -0400 Subject: [PATCH] adding web application testing references Adding how to integrate ZAP with Jenkins and automate web application testing assessments --- web_application_testing/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 web_application_testing/README.md diff --git a/web_application_testing/README.md b/web_application_testing/README.md new file mode 100644 index 0000000..5e51ac6 --- /dev/null +++ b/web_application_testing/README.md @@ -0,0 +1,19 @@ +# Web Application Testing References + + +## Vulnerable Servers +There are a series of vulnerable web applications that you can use to practice your skills in a safe environment. You can get more information about them in the [vulnerable_servers directory in this repository](https://github.com/The-Art-of-Hacking/art-of-hacking/tree/master/vulnerable_servers). + +## A Few Popular Tools +The following are a few popular tools that you learned in the video courses part of these series: +* [Burp Suite](https://portswigger.net/burp) +* [OWASP Zed Attack Proxy (ZAP)](https://github.com/zaproxy/zaproxy) +* [sqlmap](http://sqlmap.org/) +* [Paros Proxy](http://sectools.org/tool/paros/) +* [httrack](https://www.httrack.com/) +* [skipfish](https://code.google.com/archive/p/skipfish/) + +## How to Integrate OWASP ZAP with Jenkins +You can integrate ZAP with Jenkins and even automatically create Jira issues based on your findings. You can download the [ZAP plug in here](https://wiki.jenkins.io/display/JENKINS/zap+plugin). + +[This video](https://www.youtube.com/watch?v=mmHZLSffCUg) provides an overview of how to integrate
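Review bot: The "How to Integrate OWASP ZAP with Jenkins" section at the end of the new README is missing the how-to its heading promises. It contains only two external links (the Jenkins wiki page and a YouTube video), and the statement that you can "automatically create Jira issues based on your findings" has no reference at all. Consider adding a short summary of the integration steps in the README itself, so the section stays useful if either link moves, and a pointer for the Jira part. The last added line as shown ends at "provides an overview of how to integrate" with no object, so please check that the sentence is complete in the file. Smaller points in the same hunk: the sqlmap and Paros Proxy entries in the tools list use http:// URLs and could use https:// where the site supports it; "plug in" should read "plugin"; "that you learned in the video courses part of these series" would read better as "covered in the video courses that are part of this series"; and there are two blank lines after the title where one is enough.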