I am a Test Analyst with a keen interest in web application security and automation. I'm looking at integrating ZAP with Gauntlt.
I'm exploring the ZAP API with the intention of understanding the process required to programmatically invoke the actions for the available ZAP components.
To illustrate, here is an example Nmap test within Gauntlt:
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name           | value        |
      | hostname       | google.com   |
      | tcp_ping_ports | 22,25,80,443 |

  Scenario: Verify server is open on expected set of ports using the nmap fast flag
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open http
      443/tcp open https
      3128/tcp open squid-http
      8080/tcp open http-proxy
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      22/tcp
      25/tcp
      """
Is there access to more ZAP components beyond those listed here? http://code.google.com/p/zaproxy/wiki/ApiDetailsUI
Does this granularity extend further? I want to be able to break down the features of ZAP into discrete attack methods/tests (for the Cucumber tests within gauntlt) as per the examples in the list below, but is this possible?
Spider
Identifying incorrectly set cookies & http header issues
XSS
XSRF
SQL injection
Parameter tampering
Fuzzing
Brute force
URL redirect abuse
Weak authentication
Password auto-complete in browser
Potential file path manipulation
Secure page browser cache
Sensitive information in URLs
If so, are they invoked via the API URLs as per the active scanner (http://zap/<format>/ascan/<operation>/<operation name>[/?<parameters>])?
Kind regards,
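As an added example (not code from the post above, nor from the Gauntlt or ZAP projects), the script below drives ZAP through the URL scheme quoted in the question, http://zap/<format>/<component>/<operation>/<operation name>/?<parameters>, and turns the resulting alerts into the kind of pass/fail gate a Gauntlt scenario would assert on. The component and operation names used (spider/action/scan, ascan/action/scan, */view/status, core/view/alerts) follow the public ZAP API; the ZAP address, the target URL, the risk threshold and the sample alert payload are assumptions constructed for the example. Newer ZAP releases also require an apikey query parameter on API calls, which is not shown here.

```python
# Added example: drive ZAP via its REST API using the URL scheme
#   http://<zap>/<format>/<component>/<operation>/<operation name>/?<parameters>
# and gate on the alerts it reports, as a Gauntlt-style check would.
# Endpoint names follow the public ZAP API; host, port, target and
# thresholds are assumptions for this example.
import json
import time
import urllib.parse
import urllib.request

ZAP_BASE = "http://127.0.0.1:8080"   # assumption: ZAP's local API/proxy port
RISK_ORDER = ["Informational", "Low", "Medium", "High"]


def api_url(component, operation, name, params=None, fmt="JSON", base=ZAP_BASE):
    """Build <base>/<fmt>/<component>/<operation>/<name>/?<query>."""
    query = urllib.parse.urlencode(params or {})
    return f"{base}/{fmt}/{component}/{operation}/{name}/" + (f"?{query}" if query else "")


def call_api(url, timeout=30):
    """GET a ZAP API URL and decode the JSON body (needs a running ZAP)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def scan_progress(status_json):
    """The */view/status/ views return {"status": "<0-100>"} as a string."""
    return int(status_json["status"])


def wait_for_scan(component, scan_id, poll=2.0):
    """Poll the spider or active-scan status until it reports 100 %."""
    while True:
        pct = scan_progress(call_api(api_url(component, "view", "status", {"scanId": scan_id})))
        if pct >= 100:
            return
        time.sleep(poll)


def alerts_at_or_above(alerts_json, threshold="High"):
    """Return (risk, alert, url) for every alert whose risk is >= threshold."""
    floor = RISK_ORDER.index(threshold)
    found = []
    for a in alerts_json.get("alerts", []):
        if RISK_ORDER.index(a["risk"]) >= floor:
            found.append((a["risk"], a["alert"], a["url"]))
    return found


def alert_names_by_risk(alerts_json):
    """Group distinct alert names by risk level for a one-line summary."""
    summary = {}
    for a in alerts_json.get("alerts", []):
        summary.setdefault(a["risk"], set()).add(a["alert"])
    return summary


def run_gate(target, threshold="High"):
    """Spider, then active-scan, then fail on anything at/above threshold."""
    spider_id = call_api(api_url("spider", "action", "scan", {"url": target}))["scan"]
    wait_for_scan("spider", spider_id)
    ascan_id = call_api(api_url("ascan", "action", "scan",
                                {"url": target, "recurse": "true"}))["scan"]
    wait_for_scan("ascan", ascan_id)
    alerts = call_api(api_url("core", "view", "alerts", {"baseurl": target}))
    return alerts_at_or_above(alerts, threshold)


# Constructed sample response shaped like core/view/alerts/ output, so the
# alert-handling functions can be exercised without a running ZAP.
SAMPLE_ALERTS = {
    "alerts": [
        {"risk": "High", "alert": "Cross Site Scripting (Reflected)",
         "url": "http://app.example.test/search?q=x", "param": "q"},
        {"risk": "Low", "alert": "Cookie No HttpOnly Flag",
         "url": "http://app.example.test/login", "param": "session"},
        {"risk": "Medium", "alert": "X-Frame-Options Header Not Set",
         "url": "http://app.example.test/", "param": ""},
        {"risk": "Informational", "alert": "Password Autocomplete in Browser",
         "url": "http://app.example.test/login", "param": "password"},
    ]
}

if __name__ == "__main__":
    # Offline demonstration against the constructed sample; swap for
    # run_gate("http://app.example.test", "Medium") with ZAP running.
    offending = alerts_at_or_above(SAMPLE_ALERTS, "Medium")
    print("FAIL" if offending else "PASS", offending)
```

Each step (spider, active scan, alert retrieval) maps onto one API URL, so a Gauntlt step definition could wrap each one separately and assert on the JSON in the same way the nmap scenarios assert on command output; the threshold check is what turns ZAP's alert list into a pass/fail outcome.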