API Scanning With ZAP

[Aakhash Ganesh]

Hello,

I'm looking at the zap api scan offerings to write some of my own api scans. And I noticed  that a lot of what I see are simply web scans that have been pointed at API endpoints. Are there API specific scans that that I'm missing from an addon? Or if not, will API specific scans be added into zap?

[psiinon]

Well, a lot of traditional web vulnerabilities, such as SQL injection, apply just as much to APIs :)

Which API specific tests do you think we are missing?

I'm sure there will be some so lets raise issues for them - ZAP is a community project, and anyone can get involved!

Cheers,

Simon