Posted Monday June 19, 2017
1100 Words
The previous ZAP blog post explained how you could Explore APIs with ZAP.
This blog post goes one step further, and explains how you can both explore and perform security scanning of APIs using ZAP from the command line.
This allows you to easily automate the scanning of your APIs.
Posted Monday April 3, 2017
486 Words
APIs can be challenging for security testing for a variety of reasons.
The first problem you will encounter is how to effectively explore an API - most APIs cannot be explored using browsing or standard spidering techniques.
However, many APIs are described using technologies such as:
These standards define the API endpoints and can be imported into ZAP using 2 optional add-ons.