Hello and welcome to the complete guide to testing your website's security. Before we begin, I would like to clarify that in this tutorial I'm going to show a program that lets website owners and security professionals test the security of their own website: OWASP ZAP (Zed Attack Proxy), which is completely free and open source. It is also one of the most widely used web application security scanners. Now that you know what we are talking about, let's start with the installation.
First of all, go to the ZAP download page (https://www.zaproxy.org/download/), select your operating system and the package you want, then install it like any other program and you're ready to go! ZAP is written in Java, so check the requirements listed on the download page for the Java version your package needs.
Usage of ZAP:
Once the installation is successful, you should see the following start screen (the Quick Start tab) when you launch the program:
If you've got this page, you're good to go! On it you can see an example target, http://www.softpedia.com, in the "URL to attack" field (be careful not to forget the http:// or https:// prefix, and use https:// if the site is served over TLS). This is where you put the address of the website to test. Only point ZAP at sites you own or have written permission to test: the quick scan is not a passive check, it sends attack payloads to the server.

Once you enter the URL and click "Attack", ZAP starts by "spidering" the website, which means it follows every link it finds to discover the site's pages. Keep in mind that the spider only finds pages that are linked from somewhere it has already visited; pages behind a login, or not linked at all, are missed unless you log in or browse them yourself through the ZAP proxy. When the spider finishes, ZAP runs an active scan that probes each discovered page and parameter for vulnerabilities. The cool part is that the findings are listed for you in the "Alerts" tab at the bottom of the screen, ordered by risk from High down to Medium, Low and Informational, so the most important ones come first. Click an alert to see its details: the affected URL and parameter, the evidence ZAP found, a description of the problem and a suggested solution. Treat the list as a starting point rather than a verdict: an automated scanner produces false positives, so confirm each High or Medium alert by hand before you spend time fixing it.
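The same quick-start flow (spider, then active scan, then read the alerts) can be driven through ZAP's JSON API instead of the desktop UI, which is how you would run it from a script or a CI job. The script below is an added example, not part of this tutorial or of the ZAP project; it assumes ZAP is running locally on 127.0.0.1:8080 with an API key (hypothetical target http://target.example). The network calls only run from `main`; the ranking and summary functions work on a constructed list of alerts shaped like the API's `core/view/alerts` output, so you can see how the Alerts tab's "most important first" ordering and per-alert detail look without a live scan.

```python
import json
import sys
import time
import urllib.parse
import urllib.request

# Risk levels as the ZAP API reports them, most important first (the Alerts tab order).
RISK_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}


class ZapClient:
    """Minimal client for the ZAP JSON API. Assumes ZAP listens on 127.0.0.1:8080."""

    def __init__(self, base="http://127.0.0.1:8080", apikey=""):
        self.base, self.apikey = base, apikey

    def _get(self, path, **params):
        params["apikey"] = self.apikey  # every action call needs the key
        url = f"{self.base}{path}?{urllib.parse.urlencode(params)}"
        with urllib.request.urlopen(url, timeout=30) as resp:
            return json.load(resp)

    def _wait(self, status_path, scan_id):
        # Spider and active scan both expose a percentage 'status' view; poll until done.
        while int(self._get(status_path, scanId=scan_id)["status"]) < 100:
            time.sleep(2)

    def spider(self, target):
        scan_id = self._get("/JSON/spider/action/scan/", url=target)["scan"]
        self._wait("/JSON/spider/view/status/", scan_id)

    def active_scan(self, target):
        scan_id = self._get("/JSON/ascan/action/scan/", url=target)["scan"]
        self._wait("/JSON/ascan/view/status/", scan_id)

    def alerts(self, target):
        return self._get("/JSON/core/view/alerts/", baseurl=target, start=0, count=10000)["alerts"]


def rank_alerts(alerts):
    """Order High -> Informational (then by name) and collapse repeats of the same rule on
    the same URL and parameter, which the Alerts tab groups under a single node."""
    seen, ranked = set(), []
    for a in sorted(alerts, key=lambda a: (RISK_ORDER.get(a["risk"], len(RISK_ORDER)), a["name"])):
        key = (a["pluginId"], a["url"], a.get("param", ""))
        if key not in seen:
            seen.add(key)
            ranked.append(a)
    return ranked


def count_by_risk(alerts):
    counts = {risk: 0 for risk in RISK_ORDER}
    for a in alerts:
        counts[a["risk"]] = counts.get(a["risk"], 0) + 1
    return counts


def exceeds(alerts, threshold):
    """True if any alert is at least as severe as `threshold` (e.g. a CI gate on 'Medium')."""
    return any(RISK_ORDER.get(a["risk"], len(RISK_ORDER)) <= RISK_ORDER[threshold] for a in alerts)


def describe(a):
    """The detail the Alerts tab shows when you click an alert, as plain text."""
    return "\n".join([
        f"[{a['risk']}/{a.get('confidence', '?')}] {a['name']} (rule {a['pluginId']}, CWE-{a.get('cweid', '?')})",
        f"  URL: {a['url']}   Param: {a.get('param') or '-'}   Evidence: {a.get('evidence') or '-'}",
        f"  Fix: {a.get('solution', '').strip()}",
    ])


# Constructed sample in the shape the API returns; not output from a real scan.
SAMPLE_ALERTS = [
    {"pluginId": "10021", "name": "X-Content-Type-Options Header Missing", "risk": "Low",
     "confidence": "Medium", "url": "http://target.example/", "param": "x-content-type-options",
     "evidence": "", "cweid": "693", "solution": "Set X-Content-Type-Options: nosniff."},
    {"pluginId": "10021", "name": "X-Content-Type-Options Header Missing", "risk": "Low",
     "confidence": "Medium", "url": "http://target.example/", "param": "x-content-type-options",
     "evidence": "", "cweid": "693", "solution": "Set X-Content-Type-Options: nosniff."},
    {"pluginId": "40012", "name": "Cross Site Scripting (Reflected)", "risk": "High",
     "confidence": "Medium", "url": "http://target.example/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
     "param": "q", "evidence": "<script>alert(1)</script>", "cweid": "79",
     "solution": "Encode output and validate input."},
    {"pluginId": "10038", "name": "Content Security Policy (CSP) Header Not Set", "risk": "Medium",
     "confidence": "High", "url": "http://target.example/", "param": "", "evidence": "",
     "cweid": "693", "solution": "Add a Content-Security-Policy header."},
    {"pluginId": "10015", "name": "Re-examine Cache-control Directives", "risk": "Informational",
     "confidence": "Low", "url": "http://target.example/", "param": "cache-control",
     "evidence": "", "cweid": "525", "solution": "Review caching directives."},
]


def main(target, apikey):
    zap = ZapClient(apikey=apikey)
    zap.spider(target)
    zap.active_scan(target)
    ranked = rank_alerts(zap.alerts(target))
    print(count_by_risk(ranked))
    for a in ranked:
        print(describe(a))
    return 1 if exceeds(ranked, "Medium") else 0  # non-zero exit fails a CI pipeline


if __name__ == "__main__":
    sys.exit(main(sys.argv[1], sys.argv[2]))
```

To run it against a live instance, start ZAP headless with `zap.sh -daemon -port 8080 -config api.key=<key>` (in the desktop UI the key is under Tools > Options > API), then run `python zap_quickscan.py http://target.example <key>`, against a target you are allowed to attack. The exit code makes the script usable as a gate: any Medium or High alert fails the build, which is the point at which a human should read the alert detail and decide whether it is a real finding.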
So that's pretty much it! Happy testing, and I hope you enjoy ZAP!