Tiago Mendo

Automation and scale with OWASP ZAP

A Talk by Tiago Mendo (Probely)

About this Talk

Have you tried scanning hundreds of web applications in a single day?

In this talk, I will explain how we use OWASP ZAP to scan web applications at scale, detailing the various challenges we faced and what solutions we implemented.

The talk will cover various challenges:

- Queueing and organizing URLs for scanning

- Authentication and session renewal

- Slow web applications and blockages

- Duplicate vulnerabilities

- Resource management (CPU / RAM / HD)

- Scan monitoring

All the work was done on top of OWASP ZAP, with various changes submitted to the project. ZAP was used for scanning, with the - crawling being done by a third-party component.

For more info on this session, please visit the session page on the Summit's website.

15 December 2022, 04:00 PM

04:00 PM - 05:00 PM

About The Speakers

Tiago Mendo

Tiago Mendo