OWASP ZAP
If we can integrate Selenium WebDriver tests with ZAP, we can drive automated security tests through the ZAP APIs. Despite good documentation on this topic, I have seen a lot of people face issues integrating their tests with ZAP. At Traveltriangle, the technical team actively uses OWASP as a primary tool for security testing. This blog shows the practical steps to put this integration in place using the ZAP APIs.
Note — The following content does not cover OWASP ZAP features, the types of ZAP security scans, ZAP internal usage, or reading the scan reports. Fortunately, there is very good documentation covering all the features of ZAP here. Please go through it.
Let’s begin with the actual integration.
The first step is to start the ZAP executable. The Selenium tests communicate with the ZAP executable, so it has to be running on the configured machine. The ZAP executable supports various command-line parameters, but here we will use the bare minimum.
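One way to do such a bare-minimum launch, as an added example that is not from the original post: it starts ZAP in daemon mode bound to loopback with an API key, then polls the API until it answers. The install path, the environment variable names and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. ZAP_SH, ZAP_HOST, ZAP_PORT,
# ZAP_API_KEY and ZAP_ALLOW_REMOTE are assumed names; adjust to your install.
ZAP_SH="${ZAP_SH:-/opt/zaproxy/zap.sh}"
ZAP_HOST="${ZAP_HOST:-127.0.0.1}"
ZAP_PORT="${ZAP_PORT:-8080}"

# 32 hex characters from the kernel CSPRNG, used when no key is supplied.
new_api_key() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }

# Validate host, port and key before anything is launched.
check_zap_settings() {  # args: host port key
  [ -n "$3" ] || { echo "API key required" >&2; return 1; }
  case "$2" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
  case "$1" in
    127.0.0.1|localhost) ;;
    *) [ "${ZAP_ALLOW_REMOTE:-0}" = 1 ] || {
         echo "refusing non-loopback bind $1 (set ZAP_ALLOW_REMOTE=1)" >&2; return 1; } ;;
  esac
}

# Poll the core API until ZAP answers; the key goes in a header, not the URL.
wait_for_zap() {  # args: host port key [tries]
  n="${4:-60}"
  while [ "$n" -gt 0 ]; do
    curl -fsS -H "X-ZAP-API-Key: $3" \
      "http://$1:$2/JSON/core/view/version/" >/dev/null 2>&1 && return 0
    n=$((n - 1)); sleep 1
  done
  return 1
}

# Start ZAP headless with only the listener address, port and API key set.
start_zap() {
  key="${ZAP_API_KEY:-$(new_api_key)}"
  check_zap_settings "$ZAP_HOST" "$ZAP_PORT" "$key" || return 1
  "$ZAP_SH" -daemon -host "$ZAP_HOST" -port "$ZAP_PORT" \
    -config "api.key=$key" >zap.log 2>&1 &
  wait_for_zap "$ZAP_HOST" "$ZAP_PORT" "$key" || { echo "ZAP did not come up" >&2; return 1; }
  echo "$key"   # hand the key to the Selenium test run
}

# Launch only when asked to: sh start_zap.sh start
if [ "${1:-}" = "start" ]; then start_zap; fi
```

The key passed with `-config api.key=` is visible in the process list on the ZAP host, so keep that machine dedicated to the test run.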