What is Dynamic Security Analysis?
Dynamic application security testing (DAST) examines an application in its running state: it pokes and prods the live application in unexpected ways (crafted requests, malformed input, unexpected navigation) in order to discover security vulnerabilities, without needing access to the source code.
What is OWASP ZAP?
The OWASP ZAP (Zed Attack Proxy) is one of the most popular free security tools for dynamic analysis of web applications. It sits between your browser and the target as an intercepting proxy, and ZAP is cross-platform.
The OWASP ZAP attacking proxy can be downloaded from the official website.
Let's look at a practical demonstration of OWASP ZAP.
The vulnerable image that I use in this practical can be downloaded from the link below:
Open ZAP by typing the command "zaproxy" in a terminal (the launcher name on Kali; other installs ship a zap.sh script); it is easier than navigating through the menu.
ZAP Dynamic Analysis
Changing Browser Proxy Settings: point the browser's HTTP/HTTPS proxy at ZAP's listener (127.0.0.1 port 8080 by default) so that every request you make is recorded in ZAP's Sites tree. For HTTPS sites, also import ZAP's root CA certificate into the browser so the intercepted connections are not rejected.
Right click on the site in the Sites tree -> Include in Context -> Default Context. This marks the target as in scope, so the spiders and the active scan stay on it instead of wandering off to third-party hosts.
Right click on the site -> Attack -> AJAX Spider. The AJAX spider drives a real browser and so also finds links produced by JavaScript that the traditional spider misses.
Right click on the site -> Attack -> Spider. The traditional spider crawls the HTML links of the site to build the list of URLs to test.
Right click on the site -> Attack -> Active Scan. The active scan sends real attack payloads (SQL injection, XSS, path traversal and so on) to every discovered URL and parameter, so run it only against a target you own or are authorised to test.
Report -> Generate HTML Report. The report lists every alert grouped by risk level.
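The same steps (include in context, spider, AJAX spider, active scan, HTML report) can be driven without the GUI through ZAP's REST API, which is how the scan is usually wired into a pipeline. The script below is an added example and not code from the original page or from the ZAP project; it uses only the Python standard library. The listener address, the API key ("changeme") and the target address are assumptions and must be replaced with the values of your ZAP instance (the key is set under Tools > Options > API, or with `-config api.key=...` on the command line) and of the vulnerable image.

```python
"""Drive the OWASP ZAP workflow (include in context, spider, AJAX spider,
active scan, HTML report) through ZAP's REST API with the standard library."""
import json
import time
import urllib.parse
import urllib.request

# Assumptions (example values, not from the original page):
ZAP_BASE = "http://127.0.0.1:8080"   # ZAP's listener; the same address a browser is proxied through
API_KEY = "changeme"                 # Tools > Options > API in the ZAP UI
TARGET = "http://192.168.56.101/"    # address of the vulnerable image (placeholder)


def api_url(component, kind, name, params=None, base=ZAP_BASE, apikey=API_KEY):
    """Build a ZAP API URL, e.g. /JSON/spider/action/scan/?url=...&apikey=...

    kind is "action" (changes state), "view" (read-only) or "other"
    (non-JSON output such as the HTML report, served under /OTHER/).
    """
    fmt = "OTHER" if kind == "other" else "JSON"
    query = dict(params or {})
    query["apikey"] = apikey
    return f"{base}/{fmt}/{component}/{kind}/{name}/?" + urllib.parse.urlencode(query)


def call(component, kind, name, params=None):
    """Perform one API call; return decoded JSON, or raw bytes for "other"."""
    with urllib.request.urlopen(api_url(component, kind, name, params), timeout=30) as resp:
        body = resp.read()
    return body if kind == "other" else json.loads(body)


def wait_for(status_fn, label, poll=2.0):
    """Poll a status view (spider/ascan report a percentage) until it reaches 100."""
    while True:
        pct = int(status_fn())
        print(f"{label}: {pct}%")
        if pct >= 100:
            return
        time.sleep(poll)


def summarise_alerts(alerts):
    """Count alerts per (risk, alert name), the grouping the HTML report uses."""
    counts = {}
    for alert in alerts:
        key = (alert["risk"], alert["alert"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def run(target=TARGET):
    # 1. Include in Context -> Default Context: everything under the target is in scope
    call("context", "action", "includeInContext",
         {"contextName": "Default Context", "regex": f"{target}.*"})
    # 2. traditional spider
    scan_id = call("spider", "action", "scan", {"url": target, "recurse": "true"})["scan"]
    wait_for(lambda: call("spider", "view", "status", {"scanId": scan_id})["status"], "spider")
    # 3. AJAX spider (status is "running" / "stopped" rather than a percentage)
    call("ajaxSpider", "action", "scan", {"url": target, "inScope": "true"})
    while call("ajaxSpider", "view", "status")["status"] == "running":
        time.sleep(2)
    # 4. active scan: sends attack payloads, so only against an authorised target
    scan_id = call("ascan", "action", "scan", {"url": target, "recurse": "true"})["scan"]
    wait_for(lambda: call("ascan", "view", "status", {"scanId": scan_id})["status"], "active scan")
    # 5. report: alerts as JSON for the summary, plus the HTML report written to disk
    alerts = call("core", "view", "alerts", {"baseurl": target})["alerts"]
    with open("zap-report.html", "wb") as fh:
        fh.write(call("core", "other", "htmlreport"))
    return summarise_alerts(alerts)


if __name__ == "__main__":
    for (risk, name), count in sorted(run().items()):
        print(f"{risk:<8} {count:>3}  {name}")
```

Start ZAP in daemon mode first (`zap.sh -daemon -port 8080 -config api.key=changeme`, or use the address of a running GUI instance) and run the script; the summary it prints corresponds to the risk-grouped alert table of the generated HTML report.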
SQL Injection Vulnerability Verification. A "SQL Injection" alert from the active scan is a candidate finding, not proof: confirm it by hand (ZAP's Manual Request Editor, or a script) before putting it in a report, because the scanner's differential checks can misfire on pages whose content changes between requests.
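To verify a ZAP SQL injection alert the practitioner repeats the two checks the scanner itself relies on: the error-based check (a lone quote appended to the parameter produces a database error in the response) and the boolean-based check (a condition that is always true reproduces the original page while one that is always false does not). The code below is an added example, not code from the original page or from the ZAP project. `verify()` takes a `get(value) -> (status, body)` callable, so it can be pointed at a live parameter through `http_getter()`; the sqlite-backed pages at the bottom are constructed stand-ins (one leaking errors, one swallowing them, one using a parameterised query) so the example runs offline. The error-message fragments and the 0.9 similarity threshold are assumptions and should be tuned to the target.

```python
"""Confirm a ZAP "SQL Injection" alert by hand: the error-based and
boolean-based checks, run through a pluggable get(value) -> (status, body)."""
import difflib
import sqlite3
import urllib.error
import urllib.parse
import urllib.request

# Fragments of database error messages that commonly leak into pages (assumed list).
ERROR_MARKERS = (
    "unrecognized token", "syntax error", "you have an error in your sql syntax",
    "unclosed quotation mark", "ora-0", "pg_query", "warning: mysql", "sqlite3.",
)

# (always-true, always-false) conditions for the two injection contexts.  When the
# true variant reproduces the baseline page but the false one does not, the
# value is being evaluated as part of the SQL statement.
BOOLEAN_PAIRS = {
    "numeric": (" AND 1=1", " AND 1=2"),
    "string": ("' AND '1'='1", "' AND '1'='2"),
}


def has_db_error(body):
    low = body.lower()
    return any(marker in low for marker in ERROR_MARKERS)


def same_page(a, b, threshold=0.9):
    """Same status and near-identical body (similarity ratio over the raw HTML)."""
    return a[0] == b[0] and difflib.SequenceMatcher(None, a[1], b[1]).ratio() >= threshold


def verify(get, value):
    """Return 'error-based', 'boolean-based (numeric|string)' or 'not reproduced'."""
    baseline = get(value)
    quoted = get(value + "'")
    if has_db_error(quoted[1]) and not has_db_error(baseline[1]):
        return "error-based"
    for context, (true_cond, false_cond) in BOOLEAN_PAIRS.items():
        if same_page(baseline, get(value + true_cond)) and not same_page(baseline, get(value + false_cond)):
            return f"boolean-based ({context})"
    return "not reproduced"


def http_getter(url, param):
    """Getter for a live target: GET url with ?param=<value> (set HTTPS_PROXY/HTTP_PROXY
    to ZAP's listener if the requests should also appear in ZAP's history)."""
    def get(value):
        parts = urllib.parse.urlsplit(url)
        query = dict(urllib.parse.parse_qsl(parts.query))
        query[param] = value
        full = urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))
        try:
            with urllib.request.urlopen(full, timeout=15) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode("utf-8", "replace")
    return get


# --- constructed stand-ins for the target (not a real application) ---------------
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE products (id INTEGER, name TEXT, price INTEGER)")
_db.execute("INSERT INTO products VALUES (1, 'Widget', 10)")

FOUND = "<html><body><h1>{name}</h1><p>Price: {price}</p></body></html>"
EMPTY = "<html><body><p>No results</p></body></html>"


def _render(rows):
    return (200, FOUND.format(name=rows[0][0], price=rows[0][1])) if rows else (200, EMPTY)


def vulnerable_verbose(value):
    """String concatenation, and the raw database error is echoed back to the user."""
    try:
        return _render(_db.execute(f"SELECT name, price FROM products WHERE id = '{value}'").fetchall())
    except sqlite3.Error as err:
        return 500, f"<html><body><p>Database error: {err}</p></body></html>"


def vulnerable_silent(value):
    """Same concatenation, but errors are swallowed into the generic empty page."""
    try:
        return _render(_db.execute(f"SELECT name, price FROM products WHERE id = '{value}'").fetchall())
    except sqlite3.Error:
        return 200, EMPTY


def safe(value):
    """Parameterised query: the value can never change the statement."""
    return _render(_db.execute("SELECT name, price FROM products WHERE id = ?", (value,)).fetchall())


if __name__ == "__main__":
    for label, page in (("verbose", vulnerable_verbose), ("silent", vulnerable_silent), ("safe", safe)):
        print(f"{label:8s} {verify(page, '1')}")
```

Against a real target, call `verify(http_getter("http://host/product.php?id=1", "id"), "1")` (URL and parameter from the ZAP alert) and treat "not reproduced" as a reason to look at the alert's own evidence before dismissing it: time-based and out-of-band injection do not change the page and need a separate check.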