Automation and scale with OWASP ZAP

When (day):
16:00 - 17:00

Session Video

About this session

“Have you tried scanning hundreds of web applications in a single day? In this talk, I will explain how we use OWASP ZAP to scan web applications at scale, detailing the various challenges we faced and what solutions we implemented. The talk will cover various challenges:

  • Queueing and organizing URLs for scanning
  • Authentication and session renewal
  • Slow web applications and blockages
  • Duplicate vulnerabilities
  • Resource management (CPU / RAM / HD)
  • Scan monitoring All the work was done on top of OWASP ZAP, with various changes submitted to the project. ZAP was used for scanning, with the - crawling being done by a third-party component.”