We have entered November now. England’s getting cold and steering wheel is like a block of ice.

Day 3 is USE A SECURITY TOOL - EXAMPLES: ZAP OR BURPSUITE. After doing a quick startpage.com search, burpsuite looks commercial so I chose ZAP instead. ZAP is an open source tool to basically scan web apps for vulnerabilities, handy huh? It wasn’t in the default Ubuntu repos though so I had to add a separate openSUSE repo and install through there.

Unfortunately, I couldn’t get it to work. I installed it fine but… no command found.

user@computer:~$ dpkg -s owasp-zap
Package: owasp-zap
Status: install ok installed
Priority: optional
Section: unknown
Installed-Size: 163959
Maintainer: Alessandro de Oliviera Faria (A.K.A. CABELO) <cabelo@opensuse.org>
Architecture: amd64
Version: 2.7.0
Recommends: openjdk-8-jre
Description: Zed Attack Proxy
 The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
user@computer:~$ owasp-zap

That means I think I gotta extend my day 3 until tomorrow. I logged a support ticket to hopefully get help on this.

UPDATE: I discontinued my journey here, it’s not directly related to my work. A short-lived interest which ended up dying off.