Chris graduated from Drexel University with a Bachelor's degree in Information Systems, and immediately dove into the world of security at Protiviti in Philadelphia. Chris missed the mountains of Colorado too much to stay away for long, and moved back to Boulder in 2009, where he started his career at AppliedTrust. Beginning as a T1 Engineer, Chris now leads the Application Security practice. Chris specializes in web application security, secure SDLC practices, security audits, performance assessments, and disaster-recovery planning. He frequently leads teams for large IT projects, including IT rescue situations. In his spare time, Chris enjoys taking advantage of the mountains any way he can, be it snowboarding, mountain biking, or the occasional hike. He also has the travel bug and is looking forward to flying to Germany and Italy the day after the conference ends! Abstract: Web proxy's are the bread and butter tool for penetration testing, and are also incredibly useful for non-security testing and development. OWASP's Zed Attack Proxy (ZAP) is a combination web proxy, scanning tool, fuzzer, and blender in one! In this 101 course you will learn how to use a web proxy in general, some of the nifty features of ZAP, and practice against an actual Capture the Flag exercise!