Automation and scale with OWASP ZAP

When (day): Thu
At: 16:00 - 17:00

About this session

“Have you tried scanning hundreds of web applications in a single day? In this talk, I will explain how we use OWASP ZAP to scan web applications at scale, detailing the various challenges we faced and what solutions we implemented. The talk will cover various challenges:

  • Queueing and organizing URLs for scanning
  • Authentication and session renewal
  • Slow web applications and blockages
  • Duplicate vulnerabilities
  • Resource management (CPU / RAM / HD)
  • Scan monitoring

All the work was done on top of OWASP ZAP, with various changes submitted to the project. ZAP was used for scanning, with the crawling being done by a third-party component.”