Tag: Automation

Powering Up DAST with ZAP and Noir

Posted 732 Words
Integrating Noir, a tool for discovering hidden endpoints in source code, with ZAP enhances dynamic application security testing (DAST).

Signing Requests using RSA Keys

Posted 496 Words
A new script in the community-scripts repository enables the signing of outgoing requests with RSA keys, addressing the challenge of testing applications that require this functionality.

Automated ZAP Scans for Orchard Core Apps

Posted 542 Words
If you have an app running on the ASP.NET Core web framework and CMS Orchard Core, you can now easily run ZAP scans for it.

Automation Guide - Exploring Your App

Posted 390 Words

ZAP cannot attack parts of the target app if it does not know about them. Exploring the app is key: the more effectively that is done, the more effectively ZAP will be able to attack it. This is why ZAP has so many options for exploring apps.

Automation Guide - Options

Posted 454 Words

If you want to use ZAP for automated security scanning then you have a wide range of options, also listed on the main Automate page.

Also see the ZAP Chat 06 Automation Introduction video which talks about and demonstrates all of these options in more detail.

Each of these options provides a different balance between ease of use on the one hand and flexibility and functionality on the other:

Automation Guide - Target Scanning Issues

Posted 1307 Words

It is not unusual for target systems to struggle or even fail when being scanned by ZAP.

This page explains what can go wrong, how to detect these problems and what can be done about them.

Cannot Connect

If ZAP cannot connect to the target app then it will typically fail very quickly. Solving connection problems will depend on the underlying cause, which ZAP will not be able to detect.