Confirmed users
81
edits
Security/Automation/Winter Of Security 2016/ZAP Form Handling: Difference between revisions
Jump to navigation
Jump to search
Security/Automation/Winter Of Security 2016/ZAP Form Handling (view source)
Revision as of 15:45, 3 November 2016
, 3 November 2016Undo revision 1153451 by Mgoodwin (talk)
(Skeleton of document created) |
|||
| Line 2: | Line 2: | ||
== Team == | == Team == | ||
=== Introduction === | === Introduction === | ||
Our team is... | Our team is comprised of three enthusiastic Information Technology students who attend Arizona State University's Polytechnic Campus. All of us have a focus area in Network Administration and Security, and an interest to learn about all different aspects of the IT industry. As part of our Senior Capstone course we are required to pick a project that spans two semesters, that will demonstrate our collective abilities which we have learned throughout our time in ASU’s program. As a group, we have elected to focus on a security related topic which led us to find Mozilla’s Winter of Security program. | ||
=== Members === | === Members === | ||
* | * Ryan Wehe | ||
* | * Christopher Laguna | ||
* | * Rian Franey | ||
* Professors: | * Professors: Damien Doheny and Dr. Usha Jagannathan | ||
* Mozilla Advisor: [https://mozillians.org/en-US/u/ | * Mozilla Advisor: [https://mozillians.org/en-US/u/psiinon/ Simon Bennetts] | ||
== Project == | == Project == | ||
=== Description === | === Description === | ||
The ZAP traditional and Ajax spiders explore an application by putting basic default values in all forms. These may often not be valid values, for example using "ZAP" when an email address is required. | |||
The project enhancement would allow the user to define default values based on pattern matching against the field names and/or ids. | |||
=== Success Criteria === | === Success Criteria === | ||
This project is successful if: | This project is successful if: | ||
* | * User able to specify default values for all forms used by the ZAP spiders | ||
* Display all of the forms and fields for an application and allow the user to update the default values to be used | |||
* Full support for defining default values via the API | |||
Timeframe: March 2017. | Timeframe: March 2017. | ||
| Line 25: | Line 29: | ||
=== Bi-Week Ending 2016-MM-DD === | === Bi-Week Ending 2016-MM-DD === | ||
Week One (2016-10-) | Week One (2016-10-17) | ||
* | * Set up ZAP environment. | ||
* Successfully made changes to default values used by the ZAP spiders | |||
* Becoming familiar with ZAP's coding | |||
Week Three (2016-10-31) | |||
* Built a simple Spider | |||
* Became familiar with HTML parsing and form handling | |||
* Created a value generator interface | |||