Security/Automation/Winter Of Security 2016/ZAP Form Handling

From MozillaWiki
Revision as of 15:45, 3 November 2016 by Mgoodwin (talk | contribs) (Undo revision 1153451 by Mgoodwin (talk))

Team

Introduction

Our team comprises three enthusiastic Information Technology students who attend Arizona State University's Polytechnic Campus. All of us have a focus area in Network Administration and Security and an interest in learning about all aspects of the IT industry. As part of our Senior Capstone course, we are required to pick a project that spans two semesters and demonstrates the collective abilities we have developed during our time in ASU's program. As a group, we elected to focus on a security-related topic, which led us to Mozilla's Winter of Security program.

Members

  • Ryan Wehe
  • Christopher Laguna
  • Rian Franey
  • Professors: Damien Doheny and Dr. Usha Jagannathan
  • Mozilla Advisor: Simon Bennetts

Project

Description

The ZAP traditional and Ajax spiders explore an application by putting basic default values in all forms. These values may often be invalid, for example "ZAP" in a field that requires an email address.

The project enhancement would allow the user to define default values based on pattern matching against the field names and/or ids.
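
The pattern-matching idea described above, sketched as an added example (this is not the team's or ZAP's code). The rule table, sample values, function names and the sample form are all assumptions made for illustration; it also goes slightly beyond the description by keeping values a form already supplies, such as hidden tokens.

```python
import re
from html.parser import HTMLParser

# Hypothetical rule table: (regex tried against a field's name and id, value).
# First match wins; the patterns and values are constructed for this example.
RULES = [
    (re.compile(r"e-?mail", re.I), "zap@example.com"),
    (re.compile(r"phone|tel", re.I), "5555550100"),
    (re.compile(r"zip|postal", re.I), "85212"),
]
FALLBACK = "ZAP"  # the basic default the description says the spiders use


def default_for(name, field_id, preset=""):
    """Pick a value for one field: all rules against name, then against id."""
    if preset:  # keep values the form already supplies (e.g. hidden tokens)
        return preset
    for key in (name, field_id):
        for pattern, value in RULES:
            if key and pattern.search(key):
                return value
    return FALLBACK


class FormFields(HTMLParser):
    """Collect (name, id, preset value) for inputs that carry user data."""
    SKIP = {"submit", "button", "reset", "image", "file"}

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "text").lower() not in self.SKIP:
            if a.get("name"):  # unnamed inputs are never submitted
                self.fields.append((a["name"], a.get("id"), a.get("value") or ""))


def fill_form(html):
    """Return {field name: value to submit} for every input in the markup."""
    parser = FormFields()
    parser.feed(html)
    return {n: default_for(n, i, v) for n, i, v in parser.fields}


# Constructed sample form, not taken from any real application.
SAMPLE = """<form action="/signup" method="post">
<input name="f1" id="userEmail"><input type="tel" name="contact_phone">
<input name="nickname"><input type="hidden" name="csrf" value="abc123">
<input type="submit" value="Go"></form>"""
```

The field named `f1` only gets an email-shaped value because its id is checked as well, which is why matching on both names and ids matters.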

Success Criteria

This project is successful if:

  • The user can specify default values for all forms used by the ZAP spiders
  • All of the forms and fields for an application are displayed, and the user can update the default values to be used
  • Defining default values is fully supported via the API

Timeframe: March 2017.

Updates

Bi-Week Ending 2016-MM-DD

Week One (2016-10-17)

  • Set up the ZAP environment
  • Successfully made changes to default values used by the ZAP spiders
  • Becoming familiar with ZAP's code

Week Three (2016-10-31)

  • Built a simple Spider
  • Became familiar with HTML parsing and form handling
  • Created a value generator interface