Software Engineering Radio - the podcast for professional software developers

SE Radio 568: Simon Bennetts on OWASP Dynamic Application Security Testing Tool ZAP

Jun 14, 2023

50:36

Snipd AI

Simon Bennetts, a distinguished engineer at Jit, discusses the open-source security testing tool ZAP. They explore ZAP's features, its ability to integrate with CI/CD and shift security left, building a successful open-source project, scripting with ZAP, and its future in the AI-powered world of bots.

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

ZAP is a dynamic application security testing tool focused on web applications that interacts via HTTP, HTTPS, and websockets.

Simon Bennett, the creator of ZAP, developed it as an open source project to address the lack of maintained web security tools and provide developers and security professionals with a reliable option.

ZAP's transparency, extensibility, scripting capabilities, and integration with other tools make it a go-to DAST tool for automation and customized security testing.

Deep dives

Zap as a Dynamic Application Security Testing (DAST) Tool

Zap is a dynamic application security testing tool, focused on web applications. It interacts with web applications via HTTP, HTTPS, and web sockets. Zap performs attacks on applications, simulating the actions of a malicious attacker. However, it does not intentionally cause any harm. Zap is recommended to be used only on applications that the user has permission to test.

Introduction

3min

ZAP: Origins, Target Audience, and Features

10min

Managing an Open Source Project: Challenges and Funding

2min

OWASP ZAP project and its different versions

4min

Using Virtual Reality with ZAP

20min

Finding and Fixing Simple Vulnerabilities

9min

Exploring the Capabilities of OWASP Dynamic Application Security Testing Tool ZAP

3min

Simon Bennetts, a distinguished engineer at Jit, discusses one of the flagship projects of OWASP: the Zed Attack Proxy (ZAP) open source security testing tool. As ZAP’s primary maintainer, Simon traces the tool's origins and shares some anecdotes with SE Radio host Priyanka Raghavan on why there was a need for it. They take a deep dive into ZAP’s features and its ability to integrate with CI/CD, as well as shift security left. Bennetts also considers what it takes to build a successful open source project before spending time on ZAP’s ability to script to provide richer results. Finally, the conversation ends with some questions on ZAP’s future in this AI-powered world of bots.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Engineering Radio - the podcast for professional software developers

SE Radio 568: Simon Bennetts on OWASP Dynamic Application Security Testing Tool ZAP

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Zap as a Dynamic Application Security Testing (DAST) Tool

The Birth of Zap: From Developer to Security Tester

Key Differentiators and Strengths of Zap

Integration and Compatibility with Other Tools

Contributing to Zap and Community Involvement

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Software Engineering Radio - the podcast for professional software developers

SE Radio 568: Simon Bennetts on OWASP Dynamic Application Security Testing Tool ZAP

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Zap as a Dynamic Application Security Testing (DAST) Tool

The Birth of Zap: From Developer to Security Tester

Key Differentiators and Strengths of Zap

Integration and Compatibility with Other Tools

Contributing to Zap and Community Involvement

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights