OWASP ZAP For Pentesting And Bug Bounties From Scratch FREE

The Best Free Learning Resource For OWASP ZAP out there

what you'll learn

Anyone who has used burp suite pro but wants a free alternative
If you've never used a MiTM proxy
If you want to intercept traffic from your browser to the server
If you want to automatically scan your application for vulnerabilities

WhatIsThis?

OWASP Zed Attack Proxy AKA ZAP is a great tool for pen-testers and bug bounty hunters alike. Everyone needs a MitM proxy if they are investigating application traffic and while there are many to pick from, ZAP has distinct advantages over all of them.

Compared to burp suite pro, OWASP ZAP includes the same features but is free.

Compared to Charles proxy, ZAP includes more interactivity.

ZAP has context-dependent UI screens, meaning they only show you what is relevant at that time to avoid screen clutter.

ZAP works with a server/database system, allowing you to easily make and restore snapshots.

We can keep on going on forever about it's clear this is an essential tool for any hacker who takes themselves even the least bit serious. While it may be a bit harder to learn since everyone is used to burp suite, this tutorial aims to guide you through the basics in video format. You can follow along with the instructor and even perform the automated scans on labs that are created by the author.



Your Instructor


Wesley Thijs
Wesley Thijs

I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were. As a software test i have a unique skill set that centers around logic flaws and IDORs which i have not seen very much by other hunters. This gives me the advantage of finding less duplicates and maximizing my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.


Course Curriculum


  Introduction
Available in days
days after you enroll
  001. OWASP ZAP Intro screen
Available in days
days after you enroll
  002. Contexts
Available in days
days after you enroll
  003. Site Tree
Available in days
days after you enroll
  004. Automated scanning
Available in days
days after you enroll
  005. Fuzzing
Available in days
days after you enroll
  006. Directory brute forcing
Available in days
days after you enroll
  007. Interruptor
Available in days
days after you enroll
  008. Add-ons
Available in days
days after you enroll
  009. Manual browsing
Available in days
days after you enroll
  010. A simulated pentest
Available in days
days after you enroll
  Practical Examples
Available in days
days after you enroll
  999 Extras
Available in days
days after you enroll

Frequently Asked Questions


When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.

Get started now!