locked
Need information / standards about OWASP ZAP and JMeter RRS feed

  • Question

  • User1052662409 posted

    Dear All,

    Nowadays I am searching for testing tools of Softwares / web application. After some researches, I found two tools for testing OWASP ZAP and JMeter.

    Do you have any information/suggestions/references to use those tools?

    Please share in case you already experienced those or any of them.

    Thanks

    Wednesday, April 8, 2020 11:07 AM

Answers

  • User475983607 posted

    Nowadays I am searching for testing tools of Softwares / web application. After some researches, I found two tools for testing OWASP ZAP and JMeter.

    Do you have any information/suggestions/references to use those tools?

    OWASP ZAP is a tool for penetration testing while JMeter is a load tester. 

    OWASP ZAP sets up a proxy that gives you access to the HTTP messages.  ZAP is open source and the documentation is also open. https://www.zaproxy.org/

    JMeter docs are open too; https://jmeter.apache.org/

    Please share in case you already experienced those or any of them.

    Can you explain what you're looking for?  I used OWASP tools and ZAP for several years.  Once you play with ZAP and/or read the docs it pretty clear how it works.  It's a tool.

    I have not used JMeter but I have used Visual Studio load tests and familiar with building a test plan.  I took a look at JMeter recently when I found VS 2019 is the last VS with load testing.  My research found, on the surface at least, JMeter has similar features to VS.  These features are open published on the JMeter site. https://jmeter.apache.org/usermanual/index.html

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 8, 2020 11:41 AM
  • User1052662409 posted

    Thanks for the information.

    mgebhard

    Can you explain what you're looking for? 

    I need to prepare for an environment for my team to test the application using the OWSAP tool. As far as I know, OWSAP has the standard guidelines for security audits.

    (long before, once I was gone through the security audits, where I needed to pass OWSAP standards)

    To go through ISO certification OR security audit, it helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 8, 2020 11:54 AM

All replies

  • User475983607 posted

    Nowadays I am searching for testing tools of Softwares / web application. After some researches, I found two tools for testing OWASP ZAP and JMeter.

    Do you have any information/suggestions/references to use those tools?

    OWASP ZAP is a tool for penetration testing while JMeter is a load tester. 

    OWASP ZAP sets up a proxy that gives you access to the HTTP messages.  ZAP is open source and the documentation is also open. https://www.zaproxy.org/

    JMeter docs are open too; https://jmeter.apache.org/

    Please share in case you already experienced those or any of them.

    Can you explain what you're looking for?  I used OWASP tools and ZAP for several years.  Once you play with ZAP and/or read the docs it pretty clear how it works.  It's a tool.

    I have not used JMeter but I have used Visual Studio load tests and familiar with building a test plan.  I took a look at JMeter recently when I found VS 2019 is the last VS with load testing.  My research found, on the surface at least, JMeter has similar features to VS.  These features are open published on the JMeter site. https://jmeter.apache.org/usermanual/index.html

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 8, 2020 11:41 AM
  • User1052662409 posted

    Thanks for the information.

    mgebhard

    Can you explain what you're looking for? 

    I need to prepare for an environment for my team to test the application using the OWSAP tool. As far as I know, OWSAP has the standard guidelines for security audits.

    (long before, once I was gone through the security audits, where I needed to pass OWSAP standards)

    To go through ISO certification OR security audit, it helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 8, 2020 11:54 AM
  • User288213138 posted

    Hi demoninside9,

    Nowadays I am searching for testing tools of Softwares / web application. After some researches, I found two tools for testing OWASP ZAP and JMeter.

    Do you have any information/suggestions/references to use those tools?

    Please share in case you already experienced those or any of them.

    Regarding the use of OWASP ZAP and JMeter, I suggest you to consult on their forum or official website.

    This is a quick start for ZAP:

    https://www.zaproxy.org/getting-started/

    This is the manual of JMeter:

    https://jmeter.apache.org/usermanual/get-started.html

    Best regards,

    Sam

    Thursday, April 9, 2020 6:19 AM