Anyone fancy working on NoSQL scan rule(s)?


psiinon

May 4, 2017, 5:49:13 AM
to OWASP ZAP Developer Group
Just raised this issue: https://github.com/zaproxy/zaproxy/issues/3480 based on this thread on the User Group: https://groups.google.com/d/msg/zaproxy-users/A0nVzx3OiSs/jYV-JcUJBwAJ

Note that we also have a blog post about creating active scan rules: https://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html

Anyone interested in having a go?

It's not going to be trivial, but it's quite self-contained so could be an ideal introduction to ZAP development :)

Cheers,

Simon

Madhu Akula

May 4, 2017, 5:58:43 AM
to OWASP ZAP Developer Group
Hey psiinon,

I am really excited to contribute. But I don't work on development; I am interested in contributing to the infrastructure part, where I can contribute by setting up the NoSQL Docker containers for a testing environment and related things.

Not only for this: if any other development is going on, I can support infrastructure-related things.

Looking forward

psiinon

May 4, 2017, 6:10:31 AM
to OWASP ZAP Developer Group
Hiya,

This would be really useful :)
You can put the docker containers anywhere on https://hub.docker.com/
I also started a https://hub.docker.com/u/owaspvwad/dashboard/ so you could always use that.
We have a good list of vulnerable apps here: https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project (please submit PRs if you spot any missing).

The other thing that would be _really_ useful for people developing scan rules is some documentation around specific vulnerabilities.
This doesn't have to be too detailed, just a list of URLs + the associated vulnerabilities would be a great start.
That way people can start working on new scan rules without having to spend ages hunting down good examples :)

Many thanks,

Simon

Madhu Akula

May 4, 2017, 6:17:47 AM
to OWASP ZAP Developer Group
I follow that; I can see DSVW from Appsecco, which I created.
Thanks for the information, I will keep updating the repository with all available vulnerabilities and documentation.