dast-zap

Solid

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.

DevOps & Infrastructure 335 stars 29 forks Updated today


Quality Score: 85/100

| Component     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 84    |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 80    |
| License       | 10%    | 0     |
| Description   | 5%     | 100   |

Skill Content

# DAST with OWASP ZAP

## Overview

OWASP ZAP (Zed Attack Proxy) is an open-source DAST tool that acts as a manipulator-in-the-middle proxy to intercept, inspect, and test web application traffic for security vulnerabilities. ZAP provides automated passive and active scanning, API testing, and CI/CD integration for runtime security testing.

## Quick Start

The packaged scan scripts write their reports relative to `/zap/wrk` inside the container, so mount the current directory there (`-v $(pwd):/zap/wrk/:rw`); without the mount the report is lost when the container exits.

### Baseline Scan (Docker)

Run a quick passive security scan (spider plus passive rules; no attack payloads are sent, so it is safe to run against a running environment):

```bash
docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap-baseline.py \
  -t https://target-app.com \
  -r baseline-report.html
```

### Full Active Scan (Docker)

Perform comprehensive active vulnerability testing. The active scanner sends attack payloads (injection, traversal, and so on), so run it only against systems you are authorized to test, and not against production without explicit approval:

```bash
docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap-full-scan.py \
  -t https://target-app.com \
  -r full-scan-report.html
```

### API Scan with OpenAPI Spec

Test APIs from an OpenAPI/Swagger definition. `-t` takes the definition itself (a local file under the mounted directory or a URL), `-f` its format, and `-O` overrides the host named in the spec so the requests go to the environment you mean to test (`-d` enables debug output and does not take a file argument):

```bash
docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap-api-scan.py \
  -t /zap/wrk/openapi-spec.yaml \
  -f openapi \
  -O api.target.com \
  -r /zap/wrk/api-report.html
```

## Core Workflow

### Step 1: Define Scan Scope and Target

Identify the target application URL and define scope:

```bash
# Set target URL
TARGET_URL="https://target-app.com"

# For authenticated scans, prepare authentication context
# See references/authentication_guide.md for detailed setup
```

**Scope Considerations:**

- Exclude third-party domains and CDN URLs
- Include all application subdomains and API endpoints
- Respect scope limitations in penetration t...
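The scope rules above (keep in-scope subdomains, drop third-party and CDN hosts) and the description's promise of CWE-mapped reports both come together when the scan output is post-processed in CI. The following is an added example, not code from the dast-zap skill or from ZAP itself: it reads a ZAP JSON report (the layout produced by the scan scripts' `-J` option, with `site[].alerts[]` entries carrying `riskcode`, `cweid` and `instances[].uri`), removes alert instances on out-of-scope hosts, groups what remains by risk level and CWE, and returns a pass/fail gate decision. The embedded report, the host names and the gate thresholds are constructed for illustration.

```python
"""Scope-filter a ZAP JSON report and turn it into a CI quality gate.

Added example, not part of the dast-zap skill. Assumes the traditional ZAP
JSON report layout written with -J:
{"site": [{"@name": ..., "alerts": [{"name", "riskcode", "cweid",
                                      "instances": [{"uri": ...}]}]}]}
"""
import json
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample report in the shape ZAP writes with -J (not real scan output).
SAMPLE_REPORT = json.dumps({
    "@version": "2.15.0",
    "site": [{
        "@name": "https://target-app.com",
        "alerts": [
            {"name": "Cross Site Scripting (Reflected)", "riskcode": "3",
             "confidence": "2", "cweid": "79",
             "instances": [{"uri": "https://target-app.com/search?q=x"}]},
            {"name": "Missing Anti-clickjacking Header", "riskcode": "2",
             "confidence": "2", "cweid": "1021",
             "instances": [{"uri": "https://target-app.com/"},
                           {"uri": "https://cdn.thirdparty.net/app.js"}]},
            {"name": "Server Leaks Version Information", "riskcode": "1",
             "confidence": "2", "cweid": "200",
             "instances": [{"uri": "https://cdn.thirdparty.net/app.js"}]},
        ],
    }],
})

# ZAP risk codes: 0 Informational, 1 Low, 2 Medium, 3 High.
RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}


def in_scope(uri, scope_hosts):
    """True if the URI's host is a scoped host or a subdomain of one.

    The suffix check requires a leading dot, so 'target-app.com.evil.net'
    does not match 'target-app.com'."""
    host = urlparse(uri).hostname or ""
    return any(host == h or host.endswith("." + h) for h in scope_hosts)


def filter_report(report_json, scope_hosts):
    """Drop alert instances on out-of-scope hosts (CDNs, third parties) and
    discard alerts that have no in-scope instance left."""
    report = json.loads(report_json)
    kept = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            instances = [i for i in alert.get("instances", [])
                         if in_scope(i.get("uri", ""), scope_hosts)]
            if instances:
                kept.append({
                    "name": alert["name"],
                    "risk": RISK_NAMES.get(str(alert.get("riskcode")), "Unknown"),
                    "cwe": "CWE-" + str(alert.get("cweid", "0")),
                    "instances": [i["uri"] for i in instances],
                })
    return kept


def summarize(alerts):
    """Count in-scope alerts per risk level and group alert names by CWE."""
    by_risk = Counter(a["risk"] for a in alerts)
    by_cwe = defaultdict(list)
    for a in alerts:
        by_cwe[a["cwe"]].append(a["name"])
    return dict(by_risk), dict(by_cwe)


def gate(alerts, fail_on=("High",)):
    """Pipeline quality gate: fail when any in-scope alert is at a risk level
    listed in fail_on. Returns (passed, offending_alerts)."""
    offending = [a for a in alerts if a["risk"] in fail_on]
    return (not offending), offending


if __name__ == "__main__":
    scoped = filter_report(SAMPLE_REPORT, ["target-app.com"])
    risks, cwes = summarize(scoped)
    passed, bad = gate(scoped)
    print("in-scope alerts by risk:", risks)
    print("by CWE:", cwes)
    print("gate:", "PASS" if passed else "FAIL", [a["name"] for a in bad])
```

In a pipeline you would feed this the file written by `-J`, pass the application's apex domains as `scope_hosts`, and exit non-zero when `gate` fails; widening `fail_on` to `("High", "Medium")` is the usual second step once the Medium findings have been triaged, and the per-CWE grouping is what goes into the compliance report.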

Details

Author: aiskillstore
Repository: aiskillstore/marketplace
Created: 5 months ago
Last Updated: today
Language: Python
License: None

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

dast-scanner

Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.

1,160 Updated today
a5c-ai
AI & Automation Featured

integrating-dast-with-owasp-zap-in-pipeline

This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.

13,115 Updated today
mukul975
AI & Automation Solid

owasp-zap-security

Deep integration with OWASP ZAP for automated security scanning, vulnerability detection, and API security testing. Execute spider/active scans, analyze alerts, generate security reports, and integrate with CI/CD pipelines.

1,160 Updated today
a5c-ai
AI & Automation Listed

dast-workflow

Dynamic Application Security Testing workflow — OWASP ZAP automation (baseline/full/API scans), Burp Suite Professional playbooks, Burp Collaborator for out-of-band detection, auth-state orchestration, and CI integration with scope-safe active scanning.

4 Updated 1 week ago
roodlicht
AI & Automation Solid

owasp-security-scanner

Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.

1,160 Updated today
a5c-ai