{"id":58820,"date":"2022-10-03T09:38:36","date_gmt":"2022-10-03T01:38:36","guid":{"rendered":"https:\/\/version-2.com\/?p=58820"},"modified":"2022-12-02T18:14:42","modified_gmt":"2022-12-02T10:14:42","slug":"how-to-test-application-with-zap-part-one","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/10\/how-to-test-application-with-zap-part-one\/","title":{"rendered":"How to test application with ZAP &#8211; Part One"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"58820\" class=\"elementor elementor-58820\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\n<p align=\"center\"><img decoding=\"async\" class=\"head-img\"  src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg\" alt=\"\" ><\/p>\n\n<p>Previously, I wrote about the prevention steps while developing your web application. While developing, you need to test it too, and of course, after development is done and the code is merged again, the application must be tested by the QA team.&nbsp;<\/p><p>When the code is in the development stage, and you just want to test the functionality, you don\u2019t need to set up an environment. The test would be done in your localhost. But if you want to do security tests, you will need to set up an environment. In this article, I want to show you how to set up a test environment, which will also serve as a reference point for the following articles.<\/p><h4><em>Why is it good practice to set up an environment with virtual machines when testing a web application?<\/em><\/h4><p>First, I will be focusing on testing the HTTP requests\/responses as they are something the attacker will first try to compromise.<\/p><p>Thus, to test if HTTPs are secure, you can set up some virtual machines.<\/p><p>As I mentioned, our focus will be on HTTP. First, I will give a short description of HTTP.<\/p><p><strong>HTTP &#8211; HyperText Transfer Protocol<\/strong><\/p><p><u>HTTP request<\/u>&nbsp;is a request made by a client to access some resource on the server.<\/p><p><u>HTTP response<\/u>&nbsp;is a response made by a server to a client with the requested resources.<\/p><p><u>HTTP cycle<\/u><\/p><ul><li>Client makes a request to the web server<\/li><li>Web servers get the request and process it<\/li><li>Server returns a response to the client<\/li><li>Client receives the response<\/p><p><\/li><\/ul><p>To achieve these actions HTTP protocol uses HTTP methods:<\/p><ul><li>POST is used when creating a new resource<\/li><li>GET is used to get some resources to read them<\/li><li>PUT is used when updating resource<\/li><li>PATCH is used when modifying a resource. It will contain changes to the resource.<\/li><li>DELETE is used to delete the resource.<\/li><\/ul><p>Also, it is very important to mention the structure of the request\/response to create or modify them.<\/p><p>HTTP requests\/responses share a similar structure:<\/p><ol><li>A start-line contains information about the requests to be implemented and status (successful\/failed).&nbsp;<\/li><li>A custom(optional) set of HTTP headers specifying the request or describing the body included in the message.<\/li><li>An optional body contains data required for the request or the document associated with a response.&nbsp;<\/li><\/ol><p>The start-line and HTTP headers are called&nbsp;<strong>the head<\/strong>&nbsp;of the requests, and the payload is known as the&nbsp;<strong>body<\/strong>.<\/p><h4><em>Setting up the environment<\/em><\/h4><p>First, we will need to setup two virtual machines. I will be very detailed about the setup because I want this setup to be the reference for future articles.&nbsp;<\/p><p>We will set up two machines, one with&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.kali.org\/\">Kali<\/a>&nbsp;and the second with&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/ubuntu.com\/download\/server\">Ubuntu<\/a>&nbsp;Server. You can set up many different hypervisors such as VMware Workstation&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.vmware.com\/products\/workstation-player.html\">Player<\/a>\/<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/customerconnect.vmware.com\/en\/downloads\/info\/slug\/desktop_end_user_computing\/vmware_workstation_pro\/16_0\">Pro<\/a>, Oracle&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.virtualbox.org\/wiki\/Downloads\">VirtualBox<\/a>,&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/learn.microsoft.com\/en-us\/virtualization\/hyper-v-on-windows\/quick-start\/enable-hyper-v\">Hyper-V-Manager<\/a>(Windows Pro\/Enterprise or Education), etc.<\/p><p>I am going to set up the environment using VMWare Pro.&nbsp;<\/p><h4><em>Setting up Kali<\/em><\/h4><p>There are some prerequisites to install Kali:<\/p><ul><li>8 GB of memory<\/li><li>A quad-core CPU<\/li><li>500 GB of Hard Drive<\/li><\/ul><p>Download the Kali ISO image from their official&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.kali.org\/\">site<\/a>. Open VMware Workstation and go to File =&gt; New Virtual Machine or use Ctrl+N. Next window will pop up:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llg3hc4oe80kpbhf23adf5.png\"><p>Click next, then browse to the Kali ISO file location and click next.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llgzx14oex0kpb8dhz82x2.png\"><p>Choose Linux as the Guest Operating system, then click next.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llhi970wdm0kpf1kkxb6vp.png\"><p>Give the name to the VM and change location if you want, and then click on next.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lmrwbd0x4a0kpf0vkde3hm.png\"><p>As it says, recommended disk size is default 20GB. I recommend that you give around 30-50GB. Then mark on Store virtual disk as a single file and click next.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llj3my0wfl0kpf9bg60sqi.png\"><p>Click on customize the hardware, and the following window will appear:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lljpif0wgf0kpff8zp6iep.png\"><p>Choose tab Processors and give your Kali VM two cores. Then choose memory for the virtual machine and give it at least 2GB of RAM. The network adapter should be NAT which is the default setting. Click finish.  <\/p><p>You have set up the VM and now need to install the OS. You will use the Kali ISO file you chose initially and power up your VM.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llkfa54oip0kpbdho5h05e.png\"><p>Click on Graphical install. Then choose the language.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llkxsf0whh0kpf61gtfkm9.png\"><p>Then continue to the next step, which is choosing your location and continue. Choose the keyboard and continue.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lllp8q4ojr0kpbbw0ve8c5.png\"><p>Create a name for the VM.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llmbx60wih0kpf7eg230du.png\"><p>When you click on continue, you will see the field to write domain name, which is optional. When you click on continue, a new window will appear and ask you to write your name.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llmv550wiw0kpfhx2iawif.png\"><p>The next window will ask you to create your username; I chose jenny. Then click on continue to create your password.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llnm5l0wjq0kpf75dw37a3.png\"><p>Enter and re-enter your password. Then configure the clock.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llobc00wkd0kpf481xgeil.png\"><p>And then leave the first option selected and continue \u2013 Guided \u2013 use the entire disk.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llot1a4omp0kpbcf7pe784.png\"><p>Then select the partition disk.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llpcpc4on40kpbh750ezh9.png\"><p>For our purpose, we can leave the first selected partitioning scheme. This is the simplest way.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llpyyy0wlt0kpf8kb1f57z.png\"><p>Then make sure you leave selected finish partitioning and write changes to disk.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llqjmv0wm20kpf4658fqrm.png\"><p>Then choose Yes.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llqwha0wmd0kpfdll756eo.png\"><p>For software selection, just choose the defaults as in the picture below.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llu8k40wok0kpf9i2shree.png\"><p>Install the GRUB bootloader by clicking on yes.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llurlo4oqc0kpb4h5i1exz.png\"><p>Choose your virtual hard drive to install it on. It will probably be your only option to select.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llvdgr4oqr0kpbg7p13uwv.png\"><p>Click continue and wait for the installation to complete. Great job, the installation is now complete! Don\u2019t forget to reboot the machine after installation. <\/p><p>If you get prompted with the installation again, go to your VM settings \u2013 Edit Virtual Machine Settings, choose CD\/DVD and uncheck and check the Use Physical Drive box. This is done so that you don\u2019t boot off the ISO again, which would ask you to install Kali again. You already installed it, and it is on your virtual hard drive.<\/p><p>Now we have set up one virtual machine and are left with the second one \u2013 our Ubuntu Server.<\/p><h4><em>Setting up Ubuntu<\/em><\/h4><p>I will repeat the step by adding a new Virtual machine in VMware Workstation.<\/p><p>There are some prerequisites to install Ubuntu:<\/p><ul><li>GHz Dual Core Processor<\/li><li>20GB hard drive space<\/li><li>1GB RAM<\/p><p><\/li><\/ul><p>Open WMware and add a new VM. Repeat the entire process in the same way as we did for Kali; just use the Ubuntu Server ISO file.<\/p><p>When Ubuntu VM is created, proceed with the installation of the OS.<\/p><p>First, power on your new Ubuntu machine. Use your keyboard to navigate through the installation process. Use Space to check boxes if you want to choose something other than defaults; use Enter to continue.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llx3fu4os50kpb39xugoo9.png\"><p>Choose language and press enter, do the same for the next step when choosing the keyboard. Then hit enter.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llxmf40wqx0kpf7zgxba2a.png\"><p>This looks good to me, so I move on to the next step. Then for the proxy and mirror address, press enter \u2013 I am not adding anything here, and I am choosing the default mirror as it will pick the closest server to my location, thus giving me the fastest install.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lly81e0wr70kpf0cp12cz8.png\"><p>Deselect set up this disk as an LVM group. Then press enter and for the next step press enter again.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llypdu0wrh0kpfbufacwmr.png\"><p>Press Continue.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llz2rd4ot30kpb6mwz1rgq.png\"><p>Fill in all fields and click Done. No Ubuntu token is necessary for the next step, so press enter.<\/p><p>Select to install OpenSSH server and enter. <\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8llzkwr4ote0kpbh1bo6g75.png\"><p>For the next step, leave all unmarked and press enter. Make sure you reboot the server and press enter. Voil\u00e0! Your Ubuntu machine is ready to use!\u200b\u200b<\/p><p>We have set up the second virtual machine and are ready to ping them, so we know they see each other.<\/p><h4><em>How to ping Ubuntu from Kali in the local environment<\/em><\/h4><p>Finally, we can now run both machines and check their connection. I am using Kali as my attacker machine and Ubuntu as the target.&nbsp;<\/p><p>I will show you in the following article how to create a basic Angular app and use Docker to deploy the app on port 8080. But until then, we will try to hit the Ubuntu machine from Kali using Ubuntu\u2019s IP address.<\/p><p>But at this stage, I want to test if Kali can \u201csee\u201d Ubuntu. Open Ubuntu, check the IP address using command \u2013&nbsp;<strong>ip a<\/strong>, and get the&nbsp;<strong>inet<\/strong>&nbsp;address under the ens3 interface. This is the network interface that was set up during installation. My IP for Ubuntu Server is: 192.168.221.129.<\/p><p>Open Kali, go to the terminal, and use the PING command with that IP address:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm0haf0wsb0kpf7kh9hjz8.png\"><p>Ping was successful!&nbsp;<\/p><p>Lastly, to make your life easier, you might want to give your Ubuntu server a static IP, and you can also edit the \/etc\/hosts file on your attacker machine so you can SSH in with its name without using the IP address.<\/p><h3><strong>Conclusion<\/strong><\/h3><p>Good work! We finished setting up, and now we are ready to familiarize ourselves with OWASP ZAP (Zed Attack Proxy), which we will use to test our web application. For the upcoming article, it is very important to follow the steps in this article so you have everything set up.<\/p><p>In the end, secure code is the cheapest code!&nbsp; &nbsp;<\/p><p>#Kali #Ubuntu #Security_testing &nbsp;&nbsp;<\/p><p>Cover photo by <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/unsplash.com\/photos\/aYPtEknQmXE\"><strong>Markus Winkler<\/strong><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Previously, I wrote about the prevention steps while de [&hellip;]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-58820","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to test application with ZAP - Part One - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to test application with ZAP - Part One - Version 2\" \/>\n<meta property=\"og:description\" content=\"Previously, I wrote about the prevention steps while de [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-03T01:38:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-02T10:14:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/how-to-test-application-with-zap-part-one\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"How to test application with ZAP &#8211; Part One\",\"datePublished\":\"2022-10-03T01:38:36+00:00\",\"dateModified\":\"2022-12-02T10:14:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/how-to-test-application-with-zap-part-one\\\/\"},\"wordCount\":1538,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8lm6bmq4owc0kpb727z7sjm.jpg\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/10\\\/how-to-test-application-with-zap-part-one\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one\",\"name\":\"How to test application with ZAP - Part One - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8lm6bmq4owc0kpb727z7sjm.jpg\",\"datePublished\":\"2022-10-03T01:38:36+00:00\",\"dateModified\":\"2022-12-02T10:14:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8lm6bmq4owc0kpb727z7sjm.jpg\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl8lm6bmq4owc0kpb727z7sjm.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/how-to-test-application-with-zap-part-one#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to test application with ZAP &#8211; Part One\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to test application with ZAP - Part One - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one","og_locale":"en_US","og_type":"article","og_title":"How to test application with ZAP - Part One - Version 2","og_description":"Previously, I wrote about the prevention steps while de [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one","og_site_name":"Version 2","article_published_time":"2022-10-03T01:38:36+00:00","article_modified_time":"2022-12-02T10:14:42+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/10\/how-to-test-application-with-zap-part-one\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"How to test application with ZAP &#8211; Part One","datePublished":"2022-10-03T01:38:36+00:00","dateModified":"2022-12-02T10:14:42+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/10\/how-to-test-application-with-zap-part-one\/"},"wordCount":1538,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/10\/how-to-test-application-with-zap-part-one\/","url":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one","name":"How to test application with ZAP - Part One - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg","datePublished":"2022-10-03T01:38:36+00:00","dateModified":"2022-12-02T10:14:42+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl8lm6bmq4owc0kpb727z7sjm.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/how-to-test-application-with-zap-part-one#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"How to test application with ZAP &#8211; Part One"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fiI","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/58820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=58820"}],"version-history":[{"count":4,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/58820\/revisions"}],"predecessor-version":[{"id":58824,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/58820\/revisions\/58824"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=58820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=58820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=58820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}