When: October 11th, 2017
Where: Laapersveld 27, Hilversum.

This event already happened. Want to hear about future Open Kitchen events? Submit the form and stay up to date!

Did you ever have a pentest which reported one of the following? “insufficient input validation”, “Cross-Site-Scripting vulnerability”,”SQL-injection vulnerability”, “path-traversal vulnerability”. These are often “low hanging fruit” findings that developers could have seen themselves when they did code-reviews or when they did some fuzzing against the APIs.


This is where the OWASP Zed Attack Proxy (ZAP) can help quiet a lot. With automated active scanning, ZAP can fuzz the APIs you want to test and gather results for you. With the power of ZAP, checking for some of the basic security issues in your APIs becomes a lot easier!

  • • What can I use dynamic scanning for?
  • When should I use dynamic security tooling?
  • How can I teach a dynamic scanner like ZAP about my API?
  • How can I automate my security scanning with ZAP?

In this open kitchen we will introduce you to ZAP, get you set up with a sample vulnerable web-application and then guide you through some of its new features.

4:00 - Welcome
4:15 - Workshop introduction into ZAP – part 1
5:45 - Dinner & Drinks
6:30 - Other ways of using ZAP & tinkering with it yourself.
8:00 - Thanks Drinks & Networking

NB: if you want to get the best out of part 2, bring your own application to test/fuzz!