1
00:00:00,300 --> 00:00:04,170
So let's see how to install and perform the first scan using the quick scan option.

2
00:00:05,340 --> 00:00:07,950
First, let's see how to download and install OWASP

3
00:00:08,160 --> 00:00:08,580
ZAP.

4
00:00:09,930 --> 00:00:12,410
In a browser, I search for OWASP ZAP.

5
00:00:13,360 --> 00:00:15,430
So, you know, there are the Google advertisements on top.

6
00:00:16,530 --> 00:00:23,970
But the first link is the link to OWASP Zed Attack Proxy. The OWASP Zed Attack Proxy pages

7
00:00:23,970 --> 00:00:26,010
have a lot of helpful information about the tool.

8
00:00:27,570 --> 00:00:33,870
So by clicking Download Now, it brings us to the GitHub page of the OWASP ZAP tool.

9
00:00:34,830 --> 00:00:40,320
Here you have some packages and installers for different platforms, so you can choose the appropriate

10
00:00:40,320 --> 00:00:45,480
one and click it to download. Because I want to use ZAP with my Kali,

11
00:00:45,990 --> 00:00:52,590
I'll download the Linux installer or package, so I'll choose the Linux installer.

12
00:00:53,800 --> 00:00:58,210
Now here, as you see, I already have the package downloaded before, so I'll ignore this stuff.

13
00:00:58,450 --> 00:01:04,540
But importantly, the Linux installer link brings you the file with the .sh extension.

14
00:01:09,730 --> 00:01:14,890
And when you analyze it with the file command, you'll see that it's an executable shell script.

15
00:01:16,810 --> 00:01:22,720
To run it, type ./ and the file name inside the folder, but hold on.

16
00:01:23,770 --> 00:01:27,220
The file does not have the execution rights by default.

17
00:01:27,970 --> 00:01:34,690
So to make it executable by everybody, type chmod 755 filename.

18
00:01:35,660 --> 00:01:41,420
Now it's executable, and we can type ./ and the file name to install ZAP.

19
00:01:41,600 --> 00:01:48,260
But since it's already embedded in Kali, I'm not going to need to install it again.
20
00:01:49,460 --> 00:01:58,520
So to use OWASP ZAP, type owasp-zap anywhere and hit Enter, or open the applications menu

21
00:01:58,520 --> 00:02:03,440
and type OWASP to find the tool and click its icon to start ZAP.

22
00:02:05,550 --> 00:02:09,570
As you see, the downloaded version and the embedded version are the same.

23
00:02:09,810 --> 00:02:12,960
So that means we have the current version of ZAP in our Kali.

24
00:02:15,440 --> 00:02:18,320
So now it asks if you want to save this session.

25
00:02:18,770 --> 00:02:19,910
I'll choose No.

26
00:02:20,240 --> 00:02:20,740
No worries.

27
00:02:20,750 --> 00:02:22,580
I mean, you can save the session whenever you want.

28
00:02:24,080 --> 00:02:29,030
So now let's see the quick scan option of ZAP in the Quick Start tab.

29
00:02:29,930 --> 00:02:36,200
Enter the URL address of the application you want to scan and click the Attack button to start the scan.

30
00:02:37,280 --> 00:02:40,430
First, the spider runs to crawl the application.

31
00:02:41,410 --> 00:02:46,330
And at the left pane of ZAP's user interface, you'll see the discovered pages of the application.

32
00:02:47,380 --> 00:02:52,750
So now there are yellow or orange flag icons next to some of the pages and folders.

33
00:02:53,110 --> 00:02:57,670
That means ZAP has already found some medium and low level vulnerabilities.

34
00:02:58,480 --> 00:03:02,740
So look at the Alerts tab, you'll see all the vulnerabilities found by now.

35
00:03:02,800 --> 00:03:09,430
And as we said before, ZAP runs the passive scan all the time you use it, so it's always running in

36
00:03:09,430 --> 00:03:10,870
the spidering phase as well.

37
00:03:14,850 --> 00:03:21,450
Now, look at the Damn Vulnerable Web Application folder, DVWA. You see, the only page discovered

38
00:03:21,450 --> 00:03:22,470
is a login page.
39
00:03:23,460 --> 00:03:30,600
The application allows us to see only the login screen if we don't log in to the app. ZAP doesn't have

40
00:03:30,600 --> 00:03:36,380
any valid session or credentials, so it can only find the login page of the DVWA app.

41
00:03:43,710 --> 00:03:49,140
And here you can stop or pause the spidering phase by clicking any of the buttons inside the Spider

42
00:03:49,140 --> 00:03:49,560
tab.

43
00:03:50,660 --> 00:03:54,620
And to make the demonstration faster, I'll stop the spidering phase now.

44
00:03:55,980 --> 00:04:00,960
So as soon as the spidering phase finishes, ZAP starts the active scan phase.

45
00:04:01,940 --> 00:04:09,110
In the Active Scan tab, there is a button to show the scan progress details, and same as Spider, you

46
00:04:09,110 --> 00:04:15,020
can stop or pause the active scan phase by clicking the corresponding button. And in the Alerts tab,

47
00:04:15,380 --> 00:04:17,990
we'll see the numbers of the findings are increasing.

48
00:04:19,070 --> 00:04:21,080
So let's look at the scan progress details.

49
00:04:24,210 --> 00:04:30,660
Now, on the left side of the panel there are the names of the vulnerabilities tested by ZAP. The Reqs column

50
00:04:31,410 --> 00:04:35,280
shows the number of requests sent to test that vulnerability.

51
00:04:36,650 --> 00:04:41,960
The Progress column shows the current status of the progress for that particular vulnerability.

52
00:04:46,510 --> 00:04:51,550
And you can stop or cancel any test for a vulnerability by clicking the small button at the right side

53
00:04:51,550 --> 00:04:53,120
of the row of that vulnerability.

54
00:04:54,010 --> 00:04:56,980
ZAP continues to the next vulnerability test.

55
00:05:13,450 --> 00:05:18,610
Here it finds some vulnerabilities in high severity level. It is a reflected XSS.

56
00:05:19,560 --> 00:05:22,140
Don't worry, we'll see the vulnerability in detail.
57
00:05:24,230 --> 00:05:28,040
So here is a request sent to test the reflected XSS vulnerability.

58
00:05:30,940 --> 00:05:33,580
Now, here's an important warning about the automated tools.

59
00:05:34,360 --> 00:05:38,380
The findings of the tool might be a false positive.

60
00:05:39,340 --> 00:05:47,260
A false positive is where you receive a positive result for tests when you should have received a negative

61
00:05:47,260 --> 00:05:47,710
result.

62
00:05:48,250 --> 00:05:50,440
So it sometimes is called a false alarm.

63
00:05:52,160 --> 00:05:55,040
So you have to verify any finding.

64
00:05:56,630 --> 00:06:01,640
So now let's see if the script code executes in this XSS test.

65
00:06:02,970 --> 00:06:10,170
It's a GET request, so there is not any particular parameter in the body. We can simulate the attack

66
00:06:10,170 --> 00:06:13,290
just by copying and pasting the URL of the test request.

67
00:06:14,100 --> 00:06:15,540
Now see how the script runs.

68
00:06:15,870 --> 00:06:18,030
The finding is a true positive.

69
00:06:20,230 --> 00:06:21,340
So I think that's enough.

70
00:06:21,460 --> 00:06:24,460
I don't think there's any need to wait until the end of the scan.