I'm trying to build a React Native application (mobile app). Can I use OWASP ZAP for security testing, or is OWASP ZAP only for websites and web applications?
Yes, see this FAQ which includes a video :) https://www.zaproxy.org/faq/can-zap-be-used-to-test-mobile-apps/
Related
I am more towards infrastructure but want to learn web apps.
I have been given access to a Windows server + IIS. How do I find out what web framework, or even just what language, this web app uses? Thanks
Install the "Wappalyzer" browser extension.
The extension automatically checks pages you visit and reveals the technologies the website is built with.
I have already developed Selenium code to perform the web application testing, but I need to perform security testing for the same application. Please suggest how to perform the security testing with the Selenium code.
Please help me integrate Selenium with ZAP.
Proxy your Selenium tests through ZAP and then use ZAP to test your app.
Exploring apps effectively is always a challenge for automated scanners, but a good set of Selenium tests is a great way to teach a scanner like ZAP about how your app works. You can either not bother using the ZAP Spiders or just use them to catch areas of your app that don't have enough tests. By proxying your tests via ZAP you will automatically get passive scanning, and once they have finished you can use active scanning to run the more aggressive attacks.
ZAP has a very powerful API, so it can be completely automated for this sort of testing.
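The workflow described in the answer above, as an added example that is not part of the original answer and is not ZAP project code: a Chrome driver proxied through ZAP, then the ZAP JSON API used to wait for passive scanning, start an active scan, and collect the alerts. The ZAP address, the API key placeholder, the `localhost:3000` target and the function names are assumptions, and the alert records are constructed sample data.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"  # assumption: ZAP proxy and API listen here
API_KEY = "REPLACE_WITH_ZAP_API_KEY"  # placeholder
RISK_ORDER = ["Informational", "Low", "Medium", "High"]
# Constructed sample of ZAP alert records (not real scan output).
SAMPLE_ALERTS = [
    {"risk": "High", "alert": "SQL Injection", "url": "http://localhost:3000/search"},
    {"risk": "Low", "alert": "Cookie No HttpOnly Flag", "url": "http://localhost:3000/"},
    {"risk": "High", "alert": "SQL Injection", "url": "http://localhost:3000/search"},
]

def zap_url(path, **params):
    # Build a ZAP JSON API URL, e.g. path="ascan/action/scan".
    return f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}"

def zap_call(path, **params):
    """Call the ZAP API, sending the key in the X-ZAP-API-Key header."""
    req = urllib.request.Request(zap_url(path, **params), headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def proxied_chrome():
    """Chrome driver whose traffic goes through ZAP (needs selenium installed)."""
    from selenium import webdriver  # lazy import: only needed for the browser
    opts = webdriver.ChromeOptions()
    opts.add_argument(f"--proxy-server={ZAP}")
    # Chrome skips the proxy for localhost targets unless told otherwise.
    opts.add_argument("--proxy-bypass-list=<-loopback>")
    # ZAP re-signs TLS with its own CA; accept that in test browsers only.
    opts.accept_insecure_certs = True
    return webdriver.Chrome(options=opts)

def scan_after_tests(target):
    """Run after the Selenium suite: drain passive scan, active scan, get alerts."""
    while int(zap_call("pscan/view/recordsToScan")["recordsToScan"]) > 0:
        time.sleep(1)
    scan_id = zap_call("ascan/action/scan", url=target, recurse="true")["scan"]
    while int(zap_call("ascan/view/status", scanId=scan_id)["status"]) < 100:
        time.sleep(5)
    return zap_call("core/view/alerts", baseurl=target)["alerts"]

def failing_alerts(alerts, min_risk="Medium"):
    """Deduplicate alerts at or above min_risk, for use as a CI gate."""
    hits = {(a["risk"], a["alert"], a["url"]) for a in alerts
            if RISK_ORDER.index(a["risk"]) >= RISK_ORDER.index(min_risk)}
    return sorted(hits, key=lambda h: (-RISK_ORDER.index(h[0]), h[1], h[2]))
```

Run the existing Selenium suite with the driver from `proxied_chrome()`, quit it, then call `scan_after_tests()` on the app's base URL and fail the build when `failing_alerts()` returns anything.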
Are there any open source web frameworks that actively protect against the OWASP Top 10 Security Vulnerabilities?
A framework that satisfies this requirement should include the following:
Can pass penetration testing tools like OWASP ZAP Core
Supports standard authentication flows such as create new account, forgot password, login, etc.
Is open source
The intent being to build an application that is secure from the ground up, with best practices already applied.
To me, the programming language is less important here than having these important lessons applied.
Electrode, open-sourced by Walmart as the backend app framework they use for walmart.com.
I am trying to build a mobile web app using Worklight. I checked the IBM website, but they have limited documentation on it. I wanted to know: is there any inbuilt API provided by IBM in order to develop the mobile web app?
I am specifically looking for an API to control the refresh button and the back button in the mobile web browser.
Why limited? Where did you look? There is comprehensive user documentation and training modules in the following websites:
IBM Worklight Getting Started training modules
IBM Worklight user documentation: client-side JavaScript API reference
Regardless, there is no such thing as "controlling a browser's Back and Refresh buttons".
These buttons are provided by the mobile browser and are out of scope for whatever is running within.
It would be more beneficial for you to edit the question and explain your specific scenario - what it is that you are actually trying to accomplish.
In Worklight, you have WL.Client.reloadApp, for example, which can be used to refresh the web resources displayed. As for "back button"-like functionality, this can only be determined once you explain what you are trying to accomplish.
Additionally, keep in mind that while Worklight provides some API methods for controlling UI elements, it does so only to a certain degree and only for elements that are most common to all mobile environments (iOS, Android, ... for example, creating a tabbar); when you develop a web app for the Mobile Web environment, you cannot control via the app things like the Refresh button that the mobile browser supplies.
Lastly, you can and probably should opt for third-party frameworks such as jQuery Mobile and the like for the UI aspect in your Worklight application.
I'm developing a social networking application for browsers using PHP and I want to have a chat application feature that supports video chat features like in Gmail (Google provides a browser plugin for this). Where can I find such an application or is there something available for a starting point for me to develop one on my own?
Thanks.
You could try using a service like TokBox. They provide an API:
http://developers.tokbox.com/index.php/Main_Page