OWASP ZAP Reconnaissance – Without Permission!

by Jonathan Lampe
Oct. 8, 2017 0 comments INFOSEC Institute Pen Testing & Audits

As a security professional, you will often be asked to give your opinion or assessment on the security of a third-party web site or cloud service. The person asking the question will usually have no authority to give you permission to run a penetration test on the remote site, and the chances that you can secure permission from the remote site’s owner will also be remote. If this happens to you, are you stuck? Actually, the answer is no. There is plenty of reconnaissance you can perform on a third-party service without requesting special permission, as long as you have a solid attack proxy and a plan.