The IT Security Gumbo: Web Application Defense is heavily focused on vulnerability management from a web security standpoint. The course provides a thorough explanation of detection and remediation methods for web vulnerabilities. We then walk through a case study to apply that knowledge of detecting and defending against web-based vulnerabilities. Finally, we provide the skills needed to perform that work by turning over the keys to a popular penetration testing tool used to identify vulnerabilities on the network.
By the end of this course you will have learned the fundamentals of using OWASP Zed Attack Proxy (ZAP), a tool that greatly aids security professionals and penetration testers in discovering vulnerabilities within web applications. You will learn how to perform a basic web app vulnerability scan, analyze the results, and generate a report of those results. The course includes steps for configuring the browser proxy to passively scan web requests and responses simply by exploring websites. It also covers how to use dictionary lists to find files and folders on a web server, and how to spider (crawl) websites to find all the links and URLs. Finally, the end of the course gives a brief overview of how to intercept, view, modify, and forward web requests that occur between the browser and web application.