Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers (v2.0)

The OWASP Zed Attack Proxy (ZAP) is the Toolsmith Tool of the Year for 2011. Last Summer, the "Building OWASP ZAP Using Eclipse IDE for Java... Pen-Testers" (version 1.0) was published, and as the beggining of 2012 seems to be the time for second editions of my work ;-) (check the upcoming blog post with v2.0 of the "OWASP Session Management CheatSheet"), a new version of the guide has been released.

This new "Building OWASP ZAP Using Eclipse IDE for Java... Pen-Testers" (version 2.0), available for download from Taddong's Lab, includes significant changes from the first version. It provides an updated development environment not only to get and build the latest ZAP version from the official SVN repository, but to easily commit your changes if you want to contribute to the ZAP project. The proposed environment is more user friendly than in the first version, without requiring any external SVN client. Eclipse and Subclipse provide all the development and SVN capabilities integrated into the same tool. The guide also references the recent OWASP ZAP Extensions project and provides guidance to manage Java (JRE or JDK) updates in Eclipse.

I encourage everyone involved in Web Application Security, from architects to developers, Q&A, auditors, and pen-testers, to take a look at OWASP ZAP, the OWASP ZAP Extensions, and use this new building ZAP guide to enjoy the most current version from SVN and contribute to the project. The official "Building ZAP" Wiki has been updated to link to both versions of this guide.

NOTE: I will be talking about OWASP ZAP and release new smartcard features during my Rooted CON 2012 talk: "Security of Web Applications using the (Spanish) eID" ("Seguridad de aplicaciones web basadas en el DNIe", in Spanish).