OWASP - The Open Web Application Security Project is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. (Wikipedia)
If you want to learn how to test your network and its devices, you can begin with OWASP Zed Attack Proxy (ZAP). Remember, when you get ready to attack, you must own the network and the devices on the network.
You can download OWASP Zed Attack Proxy from the link above.
Once you install the program, you may want to make exceptions in your anti-virus or anti-malware software. Plug-ins may be detected as viruses; however, this is common with security software.
Once you have installed OWASP Zed Attack Proxy, you may want to update and add some components. If you are new to scanning and testing security, be sure to look at the tutorials and OWASP videos below. Again, make sure you own the network and devices on the network.
Here’s a basic list of some of the devices on my home network.
- Open OWASP Zed Attack Proxy (basic scan)
- Enter the IP address to attack
- Click on Attack
- Attacks are entered into the URL box in the right pane (above)
- View the alert information by selecting the tab (above)
- Look at spider information by selecting the appropriate tab. (above)
- You can view the history of an attack. (below)
- You can right-click and open links with a browser (there are dozens more features). (below)
- Go to Reports and Export as HTML – This will give you links and information on the vulnerabilities of the device. (below)
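
Since the target is typed into the URL box by hand, a small scope check run beforehand confirms that it really points at a network you own. This is an added example, not part of the original post or of ZAP; the names `OWNED_NETWORKS`, `extract_host` and `in_scope` and the sample addresses are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: networks you own and may test (constructed sample values).
OWNED_NETWORKS = [ipaddress.ip_network("192.168.1.0/24"),
                  ipaddress.ip_network("fd00:1234::/64")]


def extract_host(target: str) -> str:
    """Return the host part of what would be typed into the URL box."""
    target = target.strip()
    if "://" not in target:
        # Bare IP literal (IPv4 or IPv6): use it directly.
        try:
            ipaddress.ip_address(target.strip("[]"))
            return target.strip("[]")
        except ValueError:
            # Otherwise treat it as host[:port][/path] and let urlsplit parse it.
            target = "http://" + target
    host = urlsplit(target).hostname  # ignores any user:pass@ prefix
    if not host:
        raise ValueError(f"no host in target: {target!r}")
    return host


def in_scope(target: str, owned=OWNED_NETWORKS) -> bool:
    """True only if the target is an IP literal inside a network you own."""
    host = extract_host(target)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: it could resolve anywhere, so refuse it rather than guess.
        return False
    if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
        return False
    return any(addr.version == net.version and addr in net for net in owned)
```

Hostnames are refused on purpose: put the device's IP address in the URL box so the scan cannot follow a DNS answer outside your own network.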
Basics and other videos (found in the links below)
- Getting Started Guide (pdf) – an introductory guide
- Tutorial Videos
- User Guide – online version of the User Guide
- Add-ons – optional add-ons you can install