The Zest of ZAP: How scripting in our favorite tool can bridge the gap between dev teams and security

Presented at Global AppSec - DC 2019, Sept. 13, 2019, 4:30 p.m. (45 minutes).

Security testing has a reputation for being mysteriously technical and conceptually unapproachable to many in the field of technology; they know it's important on some level but still approach security as mysticism and superstition rather than technical reality. Simultaneously, the average security team is too overloaded to help guide the daily needs of those very same teams. While this operational gap can be large, it does not need to be accepted as truth. Using OWASP ZAP and its handy scripting engines, we will explore how such an application can serve as a testing tool for development teams in a way that enhances the quality of assertions in the current QA arsenal for exploratory, functional, regression, integration and automated test processes. In doing so, it also provides a natural springboard from which to incorporate security concerns, concepts, and education.

Presenters:

  • Peter Hauschulz - HumanIT
    Peter is a Software Test Engineer/Security Tester who holds a bachelor’s degree in Psychology and Integrative Physiology, with a focus on the influence of group perception, behavior, and pathology. His work experiences include a wide range of oddities beyond computers, from shelving library books to disaster relief and the autopsy suite. He persists in playing guitar, drums and any other instrument he can shoe-horn into a metal band or any other musical project. He is currently employed by HumanIT and is the primary test engineer for a small team at Axis Communications, Lund, Sweden.
