Cyber Security Academy · Lesson

Web App Scanning with Nikto and OWASP ZAP

Scan web applications for common vulnerabilities using Nikto and OWASP ZAP's active scanner.

Web Application Attack Surface

Web apps expose complex attack surfaces: URL parameters, form fields, cookies, headers, file uploads, and APIs. Automated scanners systematically probe all of these for common vulnerabilities.

Nikto Basics

Nikto is a command-line web server scanner that checks for dangerous files, outdated software, insecure headers, and known CVEs. It is fast, simple, and noisy — not stealthy.

nikto -h http://target.com

# Key options:
# -h target host
# -p port (default 80)
# -ssl for HTTPS
# -Tuning to filter check types
# -o output file, -Format format
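Because Nikto is noisy rather than stealthy, a defender can see a scan clearly in the web server's access log. The following Python script is an added example (it is not part of this lesson or of the Nikto project) that parses a few constructed Apache "combined"-format log lines and flags client IPs on two signals: a User-Agent containing "Nikto/" (the stock Nikto default, which an operator can change, so it is assumed here only as a first signal) and a high proportion of 404 responses in a burst, which is what a scanner probing for dangerous files produces regardless of its User-Agent. The IPs, paths and timestamps are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample access log (Apache "combined" format). 203.0.113.5 is a
# stock Nikto run, 192.0.2.9 is a generic client probing for files, and
# 198.51.100.7 is ordinary browsing. All values are made up for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000004)"
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000005)"
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /.git/config HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000006)"
192.0.2.9 - - [10/May/2024:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.5.0"
192.0.2.9 - - [10/May/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "curl/8.5.0"
192.0.2.9 - - [10/May/2024:12:00:03 +0000] "GET /.env HTTP/1.1" 404 210 "-" "curl/8.5.0"
192.0.2.9 - - [10/May/2024:12:00:04 +0000] "GET /config.php.bak HTTP/1.1" 404 210 "-" "curl/8.5.0"
192.0.2.9 - - [10/May/2024:12:00:04 +0000] "GET /server-status HTTP/1.1" 404 210 "-" "curl/8.5.0"
198.51.100.7 - - [10/May/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
198.51.100.7 - - [10/May/2024:12:00:06 +0000] "GET /about.html HTTP/1.1" 200 980 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
"""

# One Apache "combined" log line: ip ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text, min_requests=5, not_found_ratio=0.6):
    """Aggregate per client IP and flag likely scanner traffic.

    Signals:
      - nikto-user-agent: the UA contains "Nikto/" (assumed stock Nikto default)
      - high-404-ratio: at least `min_requests` requests, of which a fraction
        >= `not_found_ratio` returned 404, the footprint of a file/dir probe
    """
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "nikto_ua": False})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # skip unparseable lines rather than abort the whole run
        s = stats[rec["ip"]]
        s["requests"] += 1
        if rec["status"] == 404:
            s["not_found"] += 1
        if "nikto/" in rec["ua"].lower():
            s["nikto_ua"] = True

    report = {}
    for ip, s in stats.items():
        reasons = []
        if s["nikto_ua"]:
            reasons.append("nikto-user-agent")
        if s["requests"] >= min_requests and s["not_found"] / s["requests"] >= not_found_ratio:
            reasons.append("high-404-ratio")
        report[ip] = {**s, "flagged": bool(reasons), "reasons": reasons}
    return report


if __name__ == "__main__":
    for ip, r in analyze(SAMPLE_LOG).items():
        mark = "FLAG" if r["flagged"] else "ok  "
        print(f"{mark} {ip:15} req={r['requests']:3} 404={r['not_found']:3} {','.join(r['reasons'])}")
```

The User-Agent match catches an unmodified Nikto run; the 404-ratio rule is the one worth keeping in a real detection, since it also fires on the second client, which probes for the same kind of dangerous files with a generic User-Agent. Tune `min_requests` and `not_found_ratio` against your own site's normal error rate before alerting on them.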
