The vast majority of cyber attacks against a web application are relatively easy to defend -- yet most applications remain vulnerable. In fact many developers aren't even aware of how simple these attacks are to execute. Spoiler alert: it's really, really easy. OWASP ZAP is the world’s most widely used web application vulnerability scanner. ZAP provides functionality for a range of skill levels – from developers, to testers new to security testing, to security testing specialists. Let’s spend an hour hacking a vulnerable web application using OWASP ZAP and discuss strategies for protecting your own applications.