Using the ZAP Vulnerability Scanner to Test Web Applications

Olga R. Laponina, Sergey A. Malakhovsky


The article examines tools for testing security and searching for various types of vulnerabilities in web applications. The main functionality and main components of the vulnerability testing tools W3AF, Burp Suite and OWASP ZAP are considered. Also discussed are the deployment of the environment for testing application security and implemented various options for using the vulnerability scanner OWASP ZAP. The vulnerability test was conducted in the OWASP Mutillidae application. Mutillidae implements all types of vulnerabilities listed in OWASP Top 10 2007, 2010 and 2013. The application provides the program code for working with the vulnerability scanner via the Java API.

Full Text:

PDF (Russian)


O.R. Laponina «Osnovy setevoj bezopasnosti. Chast' 1. Mezhsetevye jekrany», Uchebnoe posobie // M. Nacional'nyj Otkrytyj Universitet «INTUIT» , 2014, s. 378.

A.S. Markov, V.L. Cirlov «Audit programmnogo koda po trebovanijam bezopasnosti», //Informacionnaja bezopasnost', 2008, #2, s.46-47.

M. Fauler «UnitTest»,, 2014.

ANSI/IEEE 1059. Guide for Software Verification and Validation Plans. Approved 1994-06-03.

A. Stock, D. Cuthbert, «Application Security Verification Standard», v3.0.1 //OWASP Foundation, 2016, s.70.

J. Williams, D. Wichers, «The Ten Most Critical Web Application Security Risks», rc1, //OWASP Foundation, 2017, c.23.

M. Meucci, A. Muller, «OWASP Testing Guide», v4.0, //OWASP Foundation, 2014, s.453.

J. Williams, «OWASP Code Review Guide», //OWASP Foundation, 2013, s.191.


  • There are currently no refbacks.

Abava  Кибербезопасность IT congress 2023

ISSN: 2307-8162