OWASP ZAP API Automation

•Transferir como PPTX, PDF•

0 gostou•676 visualizações

Workshop on OWASP ZAP API automation

OWASP ZAP API Automation
Workshop

Session Agenda
● Introduction to ZAP
● Familiarize with ZAP UI
● Hands on workshop of using ZAP with selenium
● Hands on some key features of ZAP using ZAP API
● Demo - ZAP Integration with CI/CD

What is ZAP ?
● The OWASP ZED Attack proxy (ZAP) is a penetration
testing tool for finding vulnerabilities in the web
applications.
● Designed to be used by people with wide range of
security experience.
● Cross platform.
● Marketplace.
● Released on September 2010.
● Current version 2.7.0

Key Features of ZAP
● Intercepting proxy
● Spider
● Passive Scanners
● Active Scanners
● Fuzzing
● Report Generation

Active Scan
● Performs attacks on the application
● Run when explicitly invoked by the user
● Scan policy
● Set of pre configured rules
● Attack Strength
○ Low – to be up to 6 requests
○ Medium – to be up to 12 requests
○ High- to be up to 24 requests
○ Insane- to be over 24 requests
● Attack threshold
○ Off - scanner won't run.
○ Low - lead to false positives.
○ High - lead to false negatives
● Cannot identify any logical vulnerability
○ Example - broken access control

Report Generation
Alert - Potential vulnerability
Risk - Informational,Low,Medium,High
Beware of false positives
Confidence
● False Positive - for potential issues that you later find are not exploitable
● Low - for unconfirmed issues
● Medium - for issues you are somewhat confident of
● High - for findings you are highly confident in
● Confirmed - for confirmed issues
Tag an alert to be false positive

Fuzzing
Automated software testing technique that involves providing
invalid, unexpected, or random data as inputs to a computer
program
ZAP allows you to fuzz any request using:
● A build in set of payloads
● Payloads defined by optional add-ons
● Custom scripts

HANDS ON ...

https://github.com/sukesh7/ZapWorkshop.git

Active Scan
Rules
● Release quality: master/src/org/zaproxy/zap/extension/ascanrules
● Beta quality: branches/beta/src/org/zaproxy/zap/extension/ascanrulesBeta
● Alpha quality: branches/alpha/src/org/zaproxy/zap/extension/ascanrulesAlpha

Integration with CI/CD
Security tests in CI pipeline - Early feedback on security vulnerabilities
Steps:
● Start ZAP daemon on 8080 port
● Run tests
● Generate results
● Fail build for HIGH vulnerabilities
● Stop Server
Demo on configuring ZAP in Go CI
Active scan rules mapping page -https://www.owasp.org/index.php/ZAPpingTheTop10

More ZAP Features….
● Authentication and session support
● Smartcard and client digital certificate support
● Anti CSRF token handling
● Port scanner
● WebSockets support.
● Marketplace

Questions ??

Thank you

Mais conteúdo relacionado

Mais procurados

TestIstanbul 2015

TestIstanbul 2015

TestIstanbul 2015

Performance Testing using Taurus

Performance Testing using Taurus

Performance Testing using Taurus

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

Zed Attack Proxy (ZAP) Quick Intro - TdT@Cluj #20

Zed Attack Proxy (ZAP) Quick Intro - TdT@Cluj #20

Zed Attack Proxy (ZAP) Quick Intro - TdT@Cluj #20

Tabăra de Testare

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

If you’re coding Django, you will inevitably need to upgrade your project’s version of Django to a newer version. Is this process really tedious, you ask? YES. But before you jump off a cliff in despair, come to my talk and learn time-saving strategies on this upgrade process. I'll go over my work in upgrading a web application from Django 1.3 to 1.7 and the lessons that I've learned in that arduous process.

How to Upgrade to the Newest Shiniest Django Version

How to Upgrade to the Newest Shiniest Django Version

How to Upgrade to the Newest Shiniest Django Version

PAC 2019 virtual Bruno Audoux

PAC 2019 virtual Bruno Audoux

PAC 2019 virtual Bruno Audoux

OWASP DefectDojo - Open Source Security Sanity

OWASP DefectDojo - Open Source Security Sanity

OWASP DefectDojo - Open Source Security Sanity

J hipster

Working With People Adl Uni

Working With People Adl Uni

Working With People Adl Uni

Matthew Landauer

How do front-developers that have started testing or working with OutSystems generally view the Platform, before they get to fully harness its power? They usually say it's more restrictive than they're used to and that it doesn't allow them to do what they need to do. Fear no more! We're here to debunk that myth and show you that behind all its nuances, OutSystems has a truly powerful Platform that can enable you to build pretty much anything. In this webinar, you will: - Slay a dragon named "You can't do that with OutSystems!" - Understand (some of) the inner workings of the Platform. - Get some tips on how to organize your front-end code in a better way. - Learn how you can become much more productive doing front-end work with OutSystems. - Become an awesome front-end developer. It's all up to you, but we're giving you all the tools! Free Online training: https://www.outsystems.com/learn/courses/ Follow us on Twitter http://www.twitter.com/OutSystemsDev Like us on Facebook http://www.Facebook.com/OutSystemsDev

Training Webinar: Top front-end techniques for OutSystems

Training Webinar: Top front-end techniques for OutSystems

Training Webinar: Top front-end techniques for OutSystems

Mais procurados (12)

TestIstanbul 2015

TestIstanbul 2015

TestIstanbul 2015

Performance Testing using Taurus

Performance Testing using Taurus

Performance Testing using Taurus

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

Zed Attack Proxy (ZAP) Quick Intro - TdT@Cluj #20

Zed Attack Proxy (ZAP) Quick Intro - TdT@Cluj #20

Zed Attack Proxy (ZAP) Quick Intro - TdT@Cluj #20

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

How to Upgrade to the Newest Shiniest Django Version

How to Upgrade to the Newest Shiniest Django Version

How to Upgrade to the Newest Shiniest Django Version

PAC 2019 virtual Bruno Audoux

PAC 2019 virtual Bruno Audoux

PAC 2019 virtual Bruno Audoux

OWASP DefectDojo - Open Source Security Sanity

OWASP DefectDojo - Open Source Security Sanity

OWASP DefectDojo - Open Source Security Sanity

J hipster

Working With People Adl Uni

Working With People Adl Uni

Working With People Adl Uni

Training Webinar: Top front-end techniques for OutSystems

Training Webinar: Top front-end techniques for OutSystems

Training Webinar: Top front-end techniques for OutSystems

Semelhante a OWASP ZAP API Automation

Automated Security Testing

Automated Security Testing

Automated Security Testing

JavaOne 2014 Security Testing for Developers using OWASP ZAP

JavaOne 2014 Security Testing for Developers using OWASP ZAP

JavaOne 2014 Security Testing for Developers using OWASP ZAP

Security Testing using ZAP in SFDC

Security Testing using ZAP in SFDC

Security Testing using ZAP in SFDC

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_0101_talks In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties to an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP's API, and scripts could be integrated with Automated Testing frameworks beyond selenium, Continuous Integration and Continuous Delivery Pipelines beyond Jenkins, scanning authenticated parts of the application, options to manage the discovered vulnerabilities and so on with real world case studies and implementation challenges. This is a demonstration oriented talk that explains OWASP ZAP automation strategies for Security Testing by example.

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oct 15 2017 http://cybersecurity.withthebest.com In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties to an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP's API, and scripts could be integrated with Automated Testing frameworks beyond selenium, Continuous Integration and Continuous Delivery Pipelines beyond Jenkins, scanning authenticated parts of the application, options to manage the discovered vulnerabilities and so on with real world case studies and implementation challenges.

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...

Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...

Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...

BlackHat 2014 OWASP ZAP Turbo Talk

BlackHat 2014 OWASP ZAP Turbo Talk

BlackHat 2014 OWASP ZAP Turbo Talk

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

ZAP @FOSSASIA2015

ZAP @FOSSASIA2015

ZAP @FOSSASIA2015

Sumanth Damarla

Zed Attack Proxy (ZAP)

Zed Attack Proxy (ZAP)

Zed Attack Proxy (ZAP)

JAINAM KAPADIYA

Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]

Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]

Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]

Owasp zap

ColdFusionConference

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

AllDayDevOps ZAP automation in CI

AllDayDevOps ZAP automation in CI

AllDayDevOps ZAP automation in CI

OWASP 2012 AppSec Dublin ZAP Intro

OWASP 2012 AppSec Dublin ZAP Intro

OWASP 2012 AppSec Dublin ZAP Intro

10 Useful Testing Tools for Open Source Projects @ TuxCon 2015

10 Useful Testing Tools for Open Source Projects @ TuxCon 2015

10 Useful Testing Tools for Open Source Projects @ TuxCon 2015

Title: Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen Abstract: The goal of this training is to introduce attendees to standard penetration test methodologies, tools, and techniques. Hands on labs will cover the basics of asset discovery, vulnerability enumeration, system penetration, privilege escalation, and bypassing end point protection. During the labs, common vulnerabilities will be leveraged to illustrate attack techniques, using freely available tools such as Nmap and Metasploit. This training will be valuable to anyone interested in gaining a better understanding of penetration testing or to system administrators trying to understand common attack approaches.

DC612 Day - Hands on Penetration Testing 101

DC612 Day - Hands on Penetration Testing 101

DC612 Day - Hands on Penetration Testing 101

Netflix accounts for more than a third of all traffic heading into American homes at peak hours. Making sure users are getting the best possible experience at all times is no simple feat and performance is at the core of this experience. In order to ensure performance and maintain development agility in a highly decentralized environment/(organization?), Netflix employs a multitude of strategies, such as production canary analysis, fully automated performance tests, simple zero-downtime deployments and rollbacks, auto-scaling clusters and a fault-tolerant stateless service architecture. We will present a set of use cases that demonstrate how and why different groups employ different strategies to achieve a common goal, great performance and stability, and detail how these strategies are incorporated into development, test and DevOps with minimal overhead.

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

we45 DEFCON Workshop - Building AppSec Automation with Python

we45 DEFCON Workshop - Building AppSec Automation with Python

we45 DEFCON Workshop - Building AppSec Automation with Python

JoinSEC 2013 London - ZAP Intro

JoinSEC 2013 London - ZAP Intro

JoinSEC 2013 London - ZAP Intro

Semelhante a OWASP ZAP API Automation (20)

Automated Security Testing

Automated Security Testing

Automated Security Testing

JavaOne 2014 Security Testing for Developers using OWASP ZAP

JavaOne 2014 Security Testing for Developers using OWASP ZAP

JavaOne 2014 Security Testing for Developers using OWASP ZAP

Security Testing using ZAP in SFDC

Security Testing using ZAP in SFDC

Security Testing using ZAP in SFDC

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

2021 ZAP Automation in CI/CD

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...

Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...

Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...

Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...

BlackHat 2014 OWASP ZAP Turbo Talk

BlackHat 2014 OWASP ZAP Turbo Talk

BlackHat 2014 OWASP ZAP Turbo Talk

ZAP @FOSSASIA2015

ZAP @FOSSASIA2015

ZAP @FOSSASIA2015

Zed Attack Proxy (ZAP)

Zed Attack Proxy (ZAP)

Zed Attack Proxy (ZAP)

Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]

Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]

Zed attack proxy [ What is ZAP(Zed Attack Proxy)? ]

Owasp zap

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...

AllDayDevOps ZAP automation in CI

AllDayDevOps ZAP automation in CI

AllDayDevOps ZAP automation in CI

OWASP 2012 AppSec Dublin ZAP Intro

OWASP 2012 AppSec Dublin ZAP Intro

OWASP 2012 AppSec Dublin ZAP Intro

10 Useful Testing Tools for Open Source Projects @ TuxCon 2015

10 Useful Testing Tools for Open Source Projects @ TuxCon 2015

10 Useful Testing Tools for Open Source Projects @ TuxCon 2015

DC612 Day - Hands on Penetration Testing 101

DC612 Day - Hands on Penetration Testing 101

DC612 Day - Hands on Penetration Testing 101

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

we45 DEFCON Workshop - Building AppSec Automation with Python

we45 DEFCON Workshop - Building AppSec Automation with Python

we45 DEFCON Workshop - Building AppSec Automation with Python

JoinSEC 2013 London - ZAP Intro

JoinSEC 2013 London - ZAP Intro

JoinSEC 2013 London - ZAP Intro

Último

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Histor y of HAM Radio presentation slide

Histor y of HAM Radio presentation slide

Histor y of HAM Radio presentation slide

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Último (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Histor y of HAM Radio presentation slide

Histor y of HAM Radio presentation slide

Histor y of HAM Radio presentation slide

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

OWASP ZAP API Automation

1. OWASP ZAP API Automation Workshop

2. Session Agenda ● Introduction to ZAP ● Familiarize with ZAP UI ● Hands on workshop of using ZAP with selenium ● Hands on some key features of ZAP using ZAP API ● Demo - ZAP Integration with CI/CD

3. What is ZAP ? ● The OWASP ZED Attack proxy (ZAP) is a penetration testing tool for finding vulnerabilities in the web applications. ● Designed to be used by people with wide range of security experience. ● Cross platform. ● Marketplace. ● Released on September 2010. ● Current version 2.7.0

4.

5. Key Features of ZAP ● Intercepting proxy ● Spider ● Passive Scanners ● Active Scanners ● Fuzzing ● Report Generation

6. Active Scan ● Performs attacks on the application ● Run when explicitly invoked by the user ● Scan policy ● Set of pre configured rules ● Attack Strength ○ Low – to be up to 6 requests ○ Medium – to be up to 12 requests ○ High- to be up to 24 requests ○ Insane- to be over 24 requests ● Attack threshold ○ Off - scanner won't run. ○ Low - lead to false positives. ○ High - lead to false negatives ● Cannot identify any logical vulnerability ○ Example - broken access control

7. Report Generation Alert - Potential vulnerability Risk - Informational,Low,Medium,High Beware of false positives Confidence ● False Positive - for potential issues that you later find are not exploitable ● Low - for unconfirmed issues ● Medium - for issues you are somewhat confident of ● High - for findings you are highly confident in ● Confirmed - for confirmed issues Tag an alert to be false positive

8. Fuzzing Automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program ZAP allows you to fuzz any request using: ● A build in set of payloads ● Payloads defined by optional add-ons ● Custom scripts

9. HANDS ON ...

10. https://github.com/sukesh7/ZapWorkshop.git

11. Active Scan Rules ● Release quality: master/src/org/zaproxy/zap/extension/ascanrules ● Beta quality: branches/beta/src/org/zaproxy/zap/extension/ascanrulesBeta ● Alpha quality: branches/alpha/src/org/zaproxy/zap/extension/ascanrulesAlpha

12. Integration with CI/CD Security tests in CI pipeline - Early feedback on security vulnerabilities Steps: ● Start ZAP daemon on 8080 port ● Run tests ● Generate results ● Fail build for HIGH vulnerabilities ● Stop Server Demo on configuring ZAP in Go CI Active scan rules mapping page -https://www.owasp.org/index.php/ZAPpingTheTop10

13. More ZAP Features…. ● Authentication and session support ● Smartcard and client digital certificate support ● Anti CSRF token handling ● Port scanner ● WebSockets support. ● Marketplace

14. Questions ??