Cover image for Website Penetration Testing

Website Penetration Testing

cheahengsoon profile image Eng Soon Cheah ・1 min read


This just for Education Purpose.

In this article, we will use


OWASP-ZAP is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

  1. Go to Applications > Web Application Analysis > OWASP-ZAP
    Alt Text

  2. Click "Accept".
    Alt Text

  3. ZAP will start to load.
    Alt Text

  4. Choose "No,I donot want to persist this session at this moment in time" and Click "Start".
    Alt Text

  5. Enter URL of DVWA at "URL to attack" → click "Attack".
    Alt Text

  6. After the scan is completed, on the top left panel you will see all the crawled sites.
    In the left panel "Alerts", you will see all the findings along with the description.
    Alt Text

  7. Click "Spider" and you will see all the links scanned.
    Alt Text

I'm self learner and I'm not certified in any Cyber Security Certification. Try at your own risk. Feel free to comment.


Posted on by:

cheahengsoon profile

Eng Soon Cheah


Pursuit my dreams working in U.S.


Editor guide

But if you just want to spider a website, dirbuster is a much more efficient tool. It lives in your terminal, can be scripted and is brilliantly efficient.
You should give it a try (it is part of Kali Linux). ;-)


Nice,please keep it easy and simple. Don't show over complicated things in future and show us a continues process what to do next..