Ops 401: Class 37
Nicholas Loiacono edited this page Jun 9, 2023
This topic matters as it relates to what I'm studying in this module because I need to learn about tools like Burp Suite or ZAP, and techniques like the 'Explore, Attack, Report' stages to simulate attacks on your systems and learn how to defend against them. Penetration Testing, or pen testing, is a key topic in cybersecurity.
What are the three common stages of the Penetration Testing process and what tasks are performed at each one?
- The Penetration Testing process commonly consists of three stages: Explore, Attack, and Report. During the Explore stage, you understand the system, create a structure, and identify the technologies used. The Attack stage is where vulnerabilities are found and exploited. Finally, in the Report stage, you communicate your findings, risks, and recommendations.
- A "man-in-the-middle proxy" is like an interpreter sitting between two people who speak different languages. It helps them understand each other, but could also alter their messages without them knowing.
- ZAP provides two spiders: Traditional Spider and Ajax Spider. Traditional Spider is best for applications that have static content. It navigates through the links found in HTML. Ajax Spider is suited for applications heavily based on JavaScript. It interacts with the pages, triggering events and updating content.
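The difference between the two spiders can be seen with a small static link extractor. This is an added example, not ZAP's code and not part of the original notes: the page content, host names, and the `LinkExtractor` and `static_spider` names are constructed for illustration. It only reads the HTML markup, so it finds the links and the form but not the `/api/orders` route, which exists only inside JavaScript and would need a browser-driven crawler such as the Ajax Spider to surface.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: two static links, one form, one off-site link,
# and one route that is only reachable by running the JavaScript.
SAMPLE_HTML = """
<html><body>
  <a href="/about">About</a>
  <a href="products/list.html#top">Products</a>
  <a href="https://other.example/ext">External</a>
  <form action="/search" method="get"><input name="q"></form>
  <button id="load">Load orders</button>
  <script>
    document.getElementById("load").onclick = function () {
      fetch("/api/orders").then(r => r.text());
    };
  </script>
</body></html>
"""

class LinkExtractor(HTMLParser):
    """Collects URLs from link-bearing attributes, as a static spider would."""
    ATTRS = {"a": "href", "form": "action", "iframe": "src"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = set()

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)  # None for tags we do not follow
        for name, value in attrs:
            if name == wanted and value:
                absolute = urljoin(self.base_url, value)
                self.found.add(absolute.split("#", 1)[0])  # drop the fragment

def static_spider(html, base_url):
    """Return in-scope (same host) URLs discoverable from the markup alone."""
    parser = LinkExtractor(base_url)
    parser.feed(html)
    host = urlsplit(base_url).netloc
    return sorted(u for u in parser.found if urlsplit(u).netloc == host)

if __name__ == "__main__":
    for url in static_spider(SAMPLE_HTML, "http://app.example/shop/"):
        print(url)
```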
Things I want to know more about are the latest vulnerabilities and attack vectors being used by cyber criminals.
Getting Started Zaproxy. Retrieved June 07, 2023 from Zed Attack Proxy