OWASP ZAP Automation in CI/CD
OWASP ZAP is probably the most frequently used web application scanner in the world, and automation is one of its strengths.
In this talk Simon will explain the different options you have for running ZAP in a CI/CD pipeline, ranging from the packaged scans to driving the ZAP API directly.
He will also explain (and maybe even demo) a new ZAP automation framework that is currently under development.
ZAP is an OWASP flagship project and you can find more information on https://www.zaproxy.org/
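To make the "packaged scans" option concrete, here is an added example (written for this page; it is not code from the talk, the slides or the ZAP project) of a pipeline gate applied to the JSON report that zap-baseline.py or zap-full-scan.py writes with -J. It assumes the report layout those scripts produce (a "site" list whose entries carry an "alerts" list with "pluginid", "alert" and "riskcode", 0 = informational up to 3 = high) and the tab-separated rules file their -c option reads; the sample report embedded below is constructed, not real scan output.

```python
"""zap_gate.py: fail a CI job on a ZAP packaged-scan JSON report.

Added example, not ZAP project code. Assumes the -J report layout of
zap-baseline.py / zap-full-scan.py and the rules-file format read by -c.
"""
import json
import sys

# Constructed sample report (not real scan output); plugin ids and names
# follow ZAP's own rule naming so the rules file below looks realistic.
SAMPLE_REPORT = {
    "@version": "2.10.0",
    "site": [{
        "@name": "http://target.example",
        "alerts": [
            {"pluginid": "10020", "alert": "X-Frame-Options Header Not Set",
             "riskcode": "2", "instances": [{"uri": "http://target.example/"}]},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "instances": [{"uri": "http://target.example/"},
                                            {"uri": "http://target.example/login"}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "instances": [{"uri": "http://target.example/app.js"}]},
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3", "instances": [{"uri": "http://target.example/search?q=x"}]},
        ],
    }],
}

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def alerts(report):
    """Flatten every site's alerts into (pluginid, name, risk, instance_count)."""
    out = []
    for site in report.get("site", []):
        for a in site.get("alerts", []):
            out.append((a["pluginid"], a["alert"], int(a["riskcode"]),
                        len(a.get("instances", []))))
    return out


def gate(report, fail_at=3, ignore=()):
    """Return (exit_code, counts_by_risk, failing_rules).

    exit_code is 0 when no non-ignored alert reaches risk fail_at, else 1,
    mirroring the 0 (pass) / 1 (at least one FAIL) convention of the
    packaged scans themselves. Ignored plugin ids are left out of the counts.
    """
    counts = {risk: 0 for risk in RISK_NAMES}
    failing = []
    for pid, name, risk, _ in alerts(report):
        if pid in ignore:
            continue
        counts[risk] += 1
        if risk >= fail_at:
            failing.append((pid, name))
    return (1 if failing else 0), counts, failing


def rules_file(report, fail_at=3, ignore=()):
    """Render a -c rules file so the scan itself enforces this policy next run.

    One line per rule: pluginid <TAB> IGNORE|WARN|FAIL <TAB> (name).
    """
    lines = [
        "# zap-baseline.py / zap-full-scan.py rule configuration (generated by zap_gate.py)",
        "# Levels: IGNORE, WARN, FAIL. Only the id and level are read; the name is informational.",
    ]
    for pid, name, risk, _ in sorted(alerts(report)):
        level = "IGNORE" if pid in ignore else ("FAIL" if risk >= fail_at else "WARN")
        lines.append(f"{pid}\t{level}\t({name})")
    return "\n".join(lines) + "\n"


def summarize(report, fail_at=3, ignore=()):
    """Human-readable summary for the job log."""
    code, counts, failing = gate(report, fail_at, ignore)
    text = ", ".join(f"{RISK_NAMES[r]}={counts[r]}" for r in sorted(counts, reverse=True))
    for pid, name in failing:
        text += f"\nFAIL {pid} {name}"
    return code, text


if __name__ == "__main__":
    # Usage: python zap_gate.py report.json [ignored_pluginid ...]
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    code, text = summarize(report, ignore=set(sys.argv[2:]))
    print(text)
    sys.exit(code)
```

In a pipeline the scan runs first (for example `docker run -v "$(pwd):/zap/wrk/:rw" owasp/zap2docker-stable zap-baseline.py -t https://target.example -J report.json`, using the image name as published at the time of the talk) and the gate runs afterwards as `python zap_gate.py report.json`; the job fails on exit code 1. The rules file from `rules_file()` can be written out and passed back to the scan with `-c` so that on later runs the packaged scan returns the failure itself, without the extra step.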
About your speaker:
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production.
He has talked about and demonstrated ZAP at conferences all over the world, including Black Hat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac.
Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.
Recorded: 2021-02-09
Slides: https://github.com/OWASP/www-chapter-switzerland/blob/master/assets/slides/20210209%20ZAP%20Automation%20in%20CI%20CD%20-%20Simon%20Bennetts.pdf
Chapter page: https://owasp.org/www-chapter-switzerland/
Upcoming events: https://www.meetup.com/de-DE/OWASPSwitzerland/