We have entered November now. England’s getting cold and steering wheel is like a block of ice.
Day 3 is USE A SECURITY TOOL - EXAMPLES: ZAP OR BURPSUITE. After doing a quick startpage.com search, burpsuite looks commercial so I chose ZAP instead. ZAP is an open source tool to basically scan web apps for vulnerabilities, handy huh? It wasn’t in the default Ubuntu repos though so I had to add a separate openSUSE repo and install through there.
Unfortunately, I couldn’t get it to work. I installed it fine but… no command found.
user@computer:~$ dpkg -s owasp-zap Package: owasp-zap Status: install ok installed Priority: optional Section: unknown Installed-Size: 163959 Maintainer: Alessandro de Oliviera Faria (A.K.A. CABELO) <firstname.lastname@example.org> Architecture: amd64 Version: 2.7.0 Recommends: openjdk-8-jre Description: Zed Attack Proxy The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. user@computer:~$ owasp-zap owasp-zap：無此指令
That means I think I gotta extend my day 3 until tomorrow. I logged a support ticket to hopefully get help on this.
UPDATE: I discontinued my journey here, it’s not directly related to my work. A short-lived interest which ended up dying off.