[WEB SECURITY] Experience with using HTTP proxy tools for QA testers

Rohit Sethi rklists at gmail.com
Sat Feb 26 11:06:52 EST 2011

Thanks Andre and Psiinon. I hadn't actually looked at Zed before, I'll
test it out with some qas and see how it goes



On 2/26/11, psiinon <psiinon at gmail.com> wrote:
> Hi Rohit,
> Not too surprisingly I'd recommend the OWASP Zed Attack Proxy:
> http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project (I'm the
> project lead).
> It is specifically designed to be used by people with a wide range of
> security experience and as such is ideal for developers and functional
> testers who are new to penetration testing.
> Its free, open source, cross platform, and is a fork of the open
> source Paros Proxy.
> Ease of use is a priority, and it has a significant amount of help
> pages, both included with the tool and online.
> I run courses in the company I work for in which I teach pen testing
> techniques to QA testers, and on those courses ZAP has proved to be
> very effective.
> Let me know if you would like any more info about it, or any advice
> and guidance for using it in training courses.
> And if you have any suggestions as to how we could make ZAP more
> suitable then please let me know - I want ZAP to be the most effective
> tool for QA testers.
> Many thanks,
> Psiinon
> On Fri, Feb 25, 2011 at 5:29 PM, Rohit Sethi <rklists at gmail.com> wrote:
>> Does anyone have experience rolling out an HTTP Proxy tool for QA testers?
>> What proxy tools have you seen successfully used by QA? We're looking for
>> free tools in particular. While many security testers are comfortable with
>> burp-suite, webscarab, fiddler, etc., some (but certainly not all) QA
>> shops
>> are looking for simpler-to-use tools with fewer features that work with IE
>> 7+.
>> Thanks,
>> --
>> Rohit Sethi
>> Security Compass
>> http://www.securitycompass.com
>> twitter: rksethi
>> _______________________________________________
>> The Web Security Mailing List
>> WebSecurity RSS Feed
>> http://www.webappsec.org/rss/websecurity.rss
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>> WASC on Twitter
>> http://twitter.com/wascupdates
>> websecurity at lists.webappsec.org
>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

Sent from my mobile device

Rohit Sethi
Security Compass
twitter: rksethi

More information about the websecurity mailing list