Securing Web Applications using OWASP ZAP in passive mode

The OWASP Zed Attack Proxy is a powerful open source web application security assessment tool. Even in passive mode, where it just inspects the traffic generated by your browser, it can give valuable pointers for securing your web application against abuse.

In this blog post I will explain how to configure your browser to use the OWASP ZAP Proxy to click through a web application running on local host. Also I will explain its various findings and how to solve them.