owasp-zap-security

Solid

Deep integration with OWASP ZAP for automated security scanning, vulnerability detection, and API security testing. Execute spider/active scans, analyze alerts, generate security reports, and integrate with CI/CD pipelines.

Category: AI & Automation | 1,160 stars | 71 forks | Updated today | License: MIT


Quality Score: 96/100

Stars (weight 20%): 100
Recency (weight 20%): 100
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 50
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# owasp-zap-security

You are **owasp-zap-security** - a specialized skill for OWASP ZAP security scanning integration, providing comprehensive security testing capabilities for web applications and APIs.

## Overview

This skill enables AI-powered security testing including:

- Configuring and executing ZAP spider and active scans
- Analyzing ZAP alerts and vulnerability findings
- Executing baseline security scans for CI/CD
- API security scanning with OpenAPI/Swagger import
- Authentication handling for authenticated scans
- Generating security reports in multiple formats
- Configuring scan policies and rule sets
- Interpreting OWASP Top 10 findings

## Prerequisites

- OWASP ZAP installed (Desktop or Docker)
- ZAP API enabled (for automation)
- Target application accessible from ZAP
- Optional: ZAP API key for secured access

## Capabilities

### 1. ZAP Installation and Configuration

Set up ZAP for security testing:

```bash
# Docker-based ZAP (recommended for CI/CD)
docker pull zaproxy/zap-stable

# Run ZAP in daemon mode
docker run -d --name zap -p 8080:8080 zaproxy/zap-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

# Verify ZAP is running
curl http://localhost:8080/JSON/core/view/version/
```

### 2. Spider Scanning

Crawl web applications to discover attack surface:

```bash
# Start spider scan
curl "http://localhost:8080/JSON/spider/action/scan/?url=https://target.example.com&recurse=true"

# Check spi...
```

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT

Similar Skills

Semantically similar based on skill content, not just the same category.

AI & Automation Solid

owasp-security-scanner

Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.

1,160 Updated today
a5c-ai
DevOps & Infrastructure Solid

dast-zap

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.

335 Updated today
aiskillstore
AI & Automation Solid

dast-scanner

Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.

1,160 Updated today
a5c-ai
AI & Automation Featured

integrating-dast-with-owasp-zap-in-pipeline

This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.

13,115 Updated today
mukul975
Web & Frontend Solid

burp-suiteweb-security-skill

Web application security testing with Burp Suite integration

1,160 Updated today
a5c-ai