java - OWASP ZAP: Active Scanner in Continuos Integration -

-

trying use zap (2.4.3) in continuos integration (ci) setting. can run zap daemon, run selenium tests (in java) using zap proxy, , being able use rest api calling htmlreport final report of passive scanner. works fine, use active scanner.

using active scanner in ci mentioned several times in zap's documentation, haven't found working example or tutorial it... exist?

what achieve like: run active scanner on pages visited selenium regression suite, once finished run.

trying @ zap's rest api, undocumented:

https://github.com/zaproxy/zaproxy/wiki/apigen_index

ideally, great have like:

  • start active scan asynchronously on visited urls
  • poll check if active scan run completed

in rest api seems there related, but:

  • ascan/scan needs url input. call core/urls see selenium tests have visited, how set right authentication (logging credential)? if order in urls visited important? if page accessable specific credential?
  • there ascan/scanasuser, unclear how contextid , userid can retrieved zap. cumbersome workaround modify selenium tests write on disk urls visit , logging/password credentials using, , then, once tests finished, read disk such info call zap. there simpler way?

ok, theres lot of questions here:)

zap typically scans hierarchies of urls, eg under https://www.example.com/app top level url of application. kind of assume know ;)

authentication non trivial handle, see https://github.com/zaproxy/zaproxy/wiki/faqformauth

the ascan/status call returns completed %

you may find zap user group http://groups.google.com/group/zaproxy-users better these sort of questions. yes, need improve api documentation :/

cheers,

simon (zap project lead)


Comments

Post a Comment

Popular posts from this blog

ruby - Trying to change last to "x"s to 23 -

-
i have been playing around irb , have string looks this: irb(main):072:0> puts ["[\"4354 5432 5432 xxxxx\", \"6547 6547 8543 xxxxx\", \"2344 6543 6674 xxxxx\", \"2346 6236 7543 xxxxx\", \"1273 5585 5587 xxxxx\"]"] => nil irb(main):073:0> what want gsub last 2 "x" s of each 17 digit combination, 23 . what i've tried far (i've been using rubular): a.gsub(/\d[x]/,"23") <= grabs "x" s i'm close a.gsub(/\w[x{2}]/,"23") <= grabs "x" s grabs two digits each combination. is there easier way i'm not understanding? a.gsub(/\d{4} \d{4} \d{4} xxx\kxx/, '23') \d{4} = 4 digits what \k drop matched far. can use don't replace entire number, still able validate have in desired format.
Read more

jquery - Clone last and append item to closest class -

-
this bare-bones code on page: <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <div class="list-container"> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> <div class="single-list-item"> <button>remove</button> </div> </div> <p><button class="add-list-item">add</button></p> <di
Read more

c - Unrecognised emulation mode: elf_i386 on MinGW32 -

-
i'm trying make kernel, , cannot link c output assembly. ld . i'm getting error: unrecognized emulation mode: elf_i386 i'm using windows 10 professional mingw32 , msys. code using: link.ld /* * link.ld */ output_format(elf32-i386) entry(start) sections { . = 0x100000; .text : { *(.text) } .data : { *(.data) } .bss : { *(.bss) } } kernel.c /* * kernel.c */ void kmain(void) { const char *str = "my first kernel"; char *vidptr = (char*)0xb8000; //video mem begins here. unsigned int = 0; unsigned int j = 0; /* loops clears screen * there 25 lines each of 80 columns; each element takes 2 bytes */ while(j < 80 * 25 * 2) { /* blank character */ vidptr[j] = ' '; /* attribute-byte - light grey on black screen */ vidptr[j+1] = 0x07; j = j + 2; } j = 0; /* loop writes string video memory */ while(str[j] != '\0') { /
Read more