Webinar: Running a Web Security Testing Program with OWASP ZAP and ThreadFix


Simon Bennetts (@psiinon) and I will be doing a webinar Wednesday April 24th, 2013 at 10:30am Central Daylight Time to talk about how organizations can set up a web security testing program using the freely available tools OWASP Zed Attack Proxy (ZAP) and ThreadFix.

You can register online here: Running a Web Security Testing Program with OWASP ZAP and ThreadFix


OWASP’s Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ThreadFix is a software vulnerability management platform that allows organizations to track the results of testing and communicate vulnerabilities to software development teams. Used together, these open source tools allow organizations to build a comprehensive program of web application security testing and vulnerability management. Security analysts can perform automated and manual testing of critical applications, track the results of their testing and report metrics on their program’s effectiveness. This webinar walks through the basics of using OWASP ZAP for web application scanning and testing. It then demonstrates storing and managing these results inside of ThreadFix and communicating them to development teams for resolution. Developers and security professionals alike will benefit from seeing how these two tools used in combination can allow any organization to start taking control of the security of their web applications.

Contact us if you woud like to talk more about getting the most out of great tools like OWASP ZAP and ThreadFix.


dan _at_ denimgroup.com


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.