Security testing is often broken out, somewhat arbitrarily, according to either the type of vulnerability being tested or the type of testing being done. We define testing as the discovery and attempted exploitation of vulnerabilities. There is no universal terminology, but for our purposes we define assessments as the analysis and discovery of vulnerabilities without attempting to actually exploit those vulnerabilities.
Software security testing is the process of assessing and testing a system to discover security risks and vulnerabilities of the system and its data. This guide is intended to serve as a basic introduction for using ZAP to perform security testing, even if you don’t have a background in security testing. To that end, some security testing concepts and terminology are included, but this document is not intended to be a comprehensive guide to either ZAP or security testing. It is also available as a PDF to make it easier to print.