Security Testing with OWASP ZAP in CI/CD
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free and open source security tools. This talk by the ZAP project lead will focus on embedding ZAP in continuous integration / delivery pipelines in order to automate security tests. Simon will cover the range of integration options available and explain how ZAP is being integrated into the Mozilla Cloud Services CD pipeline. He will also explain and demonstrate how to drive the ZAP API, which gives complete control over the ZAP daemon.
Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He is the OWASP Zed Attack Proxy Project Leader and works for Mozilla as part of the Cloud Services Security Team.