Request for Method to Clear ZAP History Using Python API zap.core.clear_history()
66 views
Skip to first unread message
Muhammad Zubair
Mar 13, 2023, 9:54:29 PM3/13/23
to OWASP ZAP User Group
Hello ZAP Team,
I was wondering if there is a method similar to zap.core.clear_history() that can be used to clear the history of ZAP using the Python API. Can you please advise if there is an alternative method available? Thank you.
I was wondering if there is a method similar to zap.core.clear_history() that can be used to clear the history of ZAP using the Python API. Can you please advise if there is an alternative method available? Thank you.
thc...@gmail.com
Mar 14, 2023, 3:41:41 AM3/14/23
to zaprox...@googlegroups.com
Hi.
What's the main purpose?
Some options, create a new session (`core.new_session`) or delete all
top nodes (e.g. `core.child_nodes` and `core.delete_site_node`).
Best regards.
What's the main purpose?
Some options, create a new session (`core.new_session`) or delete all
top nodes (e.g. `core.child_nodes` and `core.delete_site_node`).
Best regards.
Muhammad Zubair
Mar 15, 2023, 1:11:23 AM3/15/23
to OWASP ZAP User Group
Thanks for quick response. Actually when i generate report via zap python Api it include all the website in one report i want it to reset everytime.
thc...@gmail.com
Mar 15, 2023, 3:53:15 AM3/15/23
to zaprox...@googlegroups.com
Ok, the new session seems to be what you want.
Best regards.
Best regards.
Simon Bennetts
Mar 15, 2023, 5:05:59 AM3/15/23
to OWASP ZAP User Group
It is worth noting that ZAP is not designed to be run as a long running service.
Cheers,
Simon
Muhammad Zubair
Mar 16, 2023, 3:01:07 AM3/16/23
to OWASP ZAP User Group
Would there be any problem if we use ZAP as a long running service despite it not being designed for that purpose?
Simon Bennetts
Mar 16, 2023, 5:14:47 AM3/16/23
to OWASP ZAP User Group
Yes.
I would expect it to keep using more memory and eventually crash.
If you find it does actually work for you as a long running service then please let us know :)
We have looked to see what would be required in order to make it work in this way but currently it would be too much work for the number of people we have working on ZAP.
Cheers,
Simon
Message has been deleted
Muhammad Zubair
Mar 27, 2023, 3:10:52 AM3/27/23
to OWASP ZAP User Group
Hello Zap Team,
Thank you for your comment. I would like to share my experience using ZAP as a long running service. So far, it has been working well for us and we are even considering using it for SAST as well.
To achieve this, I am planning to have a localhost connected to the live server, with the extension installed in VS Code (I will develop the extension ). As developers compile and run their code on the localhost, it will be scanned by ZAP and a report will be sent by email daily. This approach eliminates the need for a tool with language dependencies for SAST.
I am planning to write a blog on this project once it is complete. If you have any suggestions or advice, please feel free to share.
Thank you again for your comment and for developing such a useful tool.
Thank you for your comment. I would like to share my experience using ZAP as a long running service. So far, it has been working well for us and we are even considering using it for SAST as well.
To achieve this, I am planning to have a localhost connected to the live server, with the extension installed in VS Code (I will develop the extension ). As developers compile and run their code on the localhost, it will be scanned by ZAP and a report will be sent by email daily. This approach eliminates the need for a tool with language dependencies for SAST.
I am planning to write a blog on this project once it is complete. If you have any suggestions or advice, please feel free to share.
Thank you again for your comment and for developing such a useful tool.
Simon Bennetts
Mar 27, 2023, 4:57:08 AM3/27/23
to OWASP ZAP User Group
You may struggle with that as ZAP doesnt really perform SAST, except for some very specific Java Script cases.
I still really dont recommend running ZAP as a long running service, but I would be interested to learn more about your experiences if you do so :)
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages