I’m in the process of delivering a new web application on Azure.
I am working through the CIS benchmark hardening recommendations for the various Azure components.
Before go-live, it will be pen tested by an external specialist.
I wondered what kind of pen testing I could do myself prior.
That’s when I came across OWASP ZAP.
“OWASP ZAP is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers. It is one of the most active Open Web Application Security Project projects and has been given Flagship status.”
I ran through the quick start wizard and tested my web app, and no real issues were found.
I need to dig deeper, but early signs are that OWASP ZAP is a useful tool to have in your arsenal for some pre-pen-test testing.