OWASP ZAP (Zed Attack Proxy) Lab
In this lab the student uses OWASP ZAP (Zed Attack Proxy) to run a pentest (penetration test) against a sample application. The application staged for scanning is the WebGoat web application. Two AWS EC2 instances are created: the first hosts the ZAP application and the second hosts the WebGoat application. The student is guided through the process of running ZAP from their Linux command line to execute the test. The student can then interrogate the results and consider various resources for determining appropriate remediation.