Talk: OWASP ZAP FTW

You wouldn't deploy code without testing but security testing often doesn't get a look in. The earlier we find bugs of any kind, the cheaper they are to fix so we shouldn't be waiting for QA, the security team or an attacker to find problems.

OWASP Zed Attack Proxy can help you automatically find security vulnerabilities in your web applications while you are developing and testing. It's free and great for developers and security professionals alike.

We'll look at the features of ZAP, demo how it can be used during development and how you might scan your web application for issues. We'll discuss some more advanced features and alternatives to investigate. You'll come away knowing how to better test your app.