diff --git a/docs/modules/ROOT/pages/appendix/solutions.adoc b/docs/modules/ROOT/pages/appendix/solutions.adoc index 5b952668..29458c9c 100644 --- a/docs/modules/ROOT/pages/appendix/solutions.adoc +++ b/docs/modules/ROOT/pages/appendix/solutions.adoc @@ -706,7 +706,7 @@ money from . If wallet isn't empty: a. If your wallet contains funds, you cannot start a dummy transaction to inspect the request structure because then you would be automatically upgraded to deluxe. b. Set up a proxy -like OWASP ZAP, Fiddler aur Burp Suite. c. Click on the pay button d. +like ZAP, Fiddler aur Burp Suite. c. Click on the pay button d. Intercept and edit the request as described above before forwarding it. @@ -1080,7 +1080,7 @@ xref:part2/security-misconfiguration.adoc#_log_in_with_the_support_teams_origina and indicates that some support team is performing its duties from the public Internet and possibly with VPN access. . Guess luckily or run a brute force attack with e.g. -https://github.com/zaproxy/zap-extensions/tree/beta/src/org/zaproxy/zap/extension/bruteforce[OWASP ZAPs DirBuster plugin] +https://github.com/zaproxy/zap-extensions/tree/beta/src/org/zaproxy/zap/extension/bruteforce[ZAPs DirBuster plugin] for a possibly exposed directory containing the log files. . Following xref:part2/sensitive-data-exposure.adoc#_gain_access_to_any_access_log_file_of_the_server[the hint to drill down deeper than one level], 
@@ -2848,9 +2848,9 @@ image::appendix/inspect-premium_challenge.png[DOM inspection of the Unlock Premi . This is a cipher text that came out of an AES-encryption using AES256 in CBC mode. . To get the key and the IV, you should run a _Forced Directory -Browsing_ attack against the application. You can use OWASP ZAP for +Browsing_ attack against the application. You can use ZAP for this purpose. - .. Of the word lists coming with OWASP ZAP only + .. Of the word lists coming with ZAP only `directory-list-2.3-big.txt` and `directory-list-lowercase-2.3-big.txt` contain the directory with the key file. diff --git a/docs/modules/ROOT/pages/part3/contribution.adoc b/docs/modules/ROOT/pages/part3/contribution.adoc index ed56f458..9770bc7c 100644 --- a/docs/modules/ROOT/pages/part3/contribution.adoc +++ b/docs/modules/ROOT/pages/part3/contribution.adoc @@ -200,7 +200,7 @@ and internet access to be able to pass. If you have a web proxy configured via `HTTP_PROXY` environment variable, the end-to-end tests https://docs.cypress.io/guides/references/proxy-configuration[will honor this setting]. This can be useful to e.g. run the tests through tools like -https://www.zaproxy.org/[OWASP ZAP] or Burpsuite. +https://www.zaproxy.org/[ZAP] or Burpsuite. === Manually testing packaged distributions diff --git a/docs/modules/ROOT/pages/part4/trainers.adoc b/docs/modules/ROOT/pages/part4/trainers.adoc index fc3c0173..bd80906b 100644 --- a/docs/modules/ROOT/pages/part4/trainers.adoc +++ b/docs/modules/ROOT/pages/part4/trainers.adoc 
@@ -215,13 +215,13 @@ plan your training accordingly. |=== | Tool | Description | Effort to automate | Execution runtime | Challenges (Auto-solve?) -| OWASP ZAP _Traditional Spider_ or _Forced Browse_ with https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-lowercase-2.3-small.txt[small (or bigger) OWASP DirBuster list] +| ZAP _Traditional Spider_ or _Forced Browse_ with https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-lowercase-2.3-small.txt[small (or bigger) OWASP DirBuster list] | Finds `/ftp` folder with many misplaced files _and_ `/promotion` (and direct `/video`) path with jingle video | 🧠 | ⏳⏳ | Confidential Document(❌), Forgotten Developer Backup(❌), Forgotten Sales Backup(❌), Misplaced Signature File(❌), Login Support Team(❌), Video XSS(❌) -| OWASP ZAP _Forced Browse_ with https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-lowercase-2.3-big.txt[big OWASP DirBuster list] +| ZAP _Forced Browse_ with https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-lowercase-2.3-big.txt[big OWASP DirBuster list] | Finds `/encryptionkeys` directory with `jwt.pub` _and_ `premium.key` key files | 🧠 | ⏳⏳⏳ diff --git a/docs/modules/ROOT/pages/part4/troubleshooting.adoc b/docs/modules/ROOT/pages/part4/troubleshooting.adoc index 959d634e..c8d60e77 100644 --- a/docs/modules/ROOT/pages/part4/troubleshooting.adoc +++ b/docs/modules/ROOT/pages/part4/troubleshooting.adoc @@ -191,5 +191,5 @@ which are by default disabled in Docker environments and shared platforms like Heroku. * You may find it easier to find vulnerabilities using a pen test tool. We strongly recommend -https://www.zaproxy.org/[OWASP ZAP (Zed Attack Proxy)] which is open +https://www.zaproxy.org/[ZAP (Zed Attack Proxy)] which is open source and very powerful, yet beginner friendly.
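Review bot: The first solutions.adoc hunk (@@ -706) carries over the typo "aur" in "Fiddler aur Burp Suite"; since that line is already being touched for the rename, fix it in the same change: `like ZAP, Fiddler or Burp Suite.`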
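Review bot: In the second solutions.adoc hunk (@@ -1080) the link text "ZAPs DirBuster plugin" is missing the possessive apostrophe; suggest `[ZAP's DirBuster plugin]`. The link target also points at the `beta` branch of zap-extensions, so please confirm that path still resolves before merging.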
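Review bot: The contribution.adoc hunk (@@ -200) leaves "Burpsuite" in the changed line while the solutions.adoc hunk in this same patch spells it "Burp Suite"; for consistency with the rest of the rename, use `https://www.zaproxy.org/[ZAP] or Burp Suite.`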