How to create Active Scan policy in ZAP Docker tool


Karthick G

Apr 26, 2022, 2:44:16 AM
to OWASP ZAP User Group
Hi People,
I am trying to test a web application. I am using the ZAProxy Docker environment, for which I need to set some active scan policies, just like how we do in the ZAProxy GUI. Is there any way in which one can edit or add policies (what attacks have to be done at what level, High/Low etc.), or even how to define them in the Docker environment?

Thanks in Advance
Karthick G

Simon Bennetts

Apr 26, 2022, 5:02:28 AM
to OWASP ZAP User Group
Hi Karthick,

For automation options see https://www.zaproxy.org/docs/automate/
The full packaged scan supports configuring the scan policy via a config file.
The automation framework supports configuring the scan policy via either a YAML file or by specifying the policy file.
The API allows you to do anything but is a bit more work to use.

My recommendation is to get things working in the GUI and then to create an automation framework plan in the GUI and test that there.
You can then export the plan into a yaml file which you can use in docker.

Cheers,

Simon
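
Simon's second route, an Automation Framework plan with the scan policy written inline, looks like this. It is an added example written for this page, not code from the thread or from the ZAP project: a shell script that writes the plan, checks what the plan switches off, and shows the Docker invocation. The target URL, context name, the rules chosen and their strength/threshold values are assumptions for illustration. The policyDefinition block is where the GUI's per-rule attack strength and alert threshold live in YAML form, which is what the original question was after.

```shell
#!/bin/sh
# Added example, not code from the thread or the ZAP project: an Automation
# Framework plan with an inline active-scan policy, written by a shell
# function so the same file can be mounted into the ZAP Docker image.
# The target URL, context name, rule selection and strength/threshold values
# are illustrative assumptions.
set -e

# Write a minimal plan to the file named in $1. The policyDefinition block under
# the activeScan job is the equivalent of the GUI scan-policy dialog:
# defaultStrength/defaultThreshold apply to every active scan rule, and each
# entry in "rules" overrides one rule by its id.
write_af_plan() {
    cat > "$1" <<'EOF'
env:
  contexts:
    - name: "Default Context"            # assumed context name
      urls:
        - "http://target.example"        # assumed target; everything under it is in scope
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true
jobs:
  - type: spider                         # populate the context before scanning
    parameters:
      context: "Default Context"
      maxDuration: 5
  - type: activeScan
    parameters:
      context: "Default Context"
      maxScanDurationInMins: 30
    policyDefinition:
      defaultStrength: "Medium"
      defaultThreshold: "Medium"
      rules:
        - id: 40018
          name: "SQL Injection"
          strength: "High"               # more payloads for the rule that matters most
          threshold: "Low"               # report even low-confidence evidence
        - id: 40012
          name: "Cross Site Scripting (Reflected)"
          strength: "High"
          threshold: "Medium"
        - id: 90020
          name: "Remote OS Command Injection"
          strength: "Low"
          threshold: "Off"               # Off disables the rule entirely
  - type: report
    parameters:
      template: "traditional-html"
      reportDir: "/zap/wrk"              # the mounted working directory
      reportFile: "zap-active-scan"
EOF
}

# Count the rules in a plan that carry a given per-rule threshold, so the plan
# can be checked for what it really switches off or loosens before it runs.
# The leading-space anchor keeps the defaultThreshold line from matching.
count_rules_with_threshold() {
    grep -c "^ *threshold: \"$2\"" "$1" || true
}

# Run the plan inside the container. The image name and the /zap/wrk mount are
# the ones documented for the ZAP Docker images; adjust them if yours differ.
run_af_plan() {
    docker run --rm -v "$(pwd):/zap/wrk/:rw" -t ghcr.io/zaproxy/zaproxy:stable \
        zap.sh -cmd -autorun "/zap/wrk/$1"
}

# Usage (writes plan.yaml in the current directory and runs it):
#   write_af_plan plan.yaml && run_af_plan plan.yaml
```

A plan exported from the GUI, as Simon suggests, has the same shape; the only part that needs to survive the move into Docker is that every path in it (reportDir, any context or policy file) points under the mounted /zap/wrk directory.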

Teo Nguyen Van

Apr 29, 2022, 12:33:22 AM
to OWASP ZAP User Group

Hi Simon,
"The full packaged scan supports configuring the scan policy via a config file" <- How can we configure the scan policy via a config file? As I see it, the config file doesn't have any option that loads or configures a custom policy. Can you give some more details about it?
Thanks,
Ben
On Tuesday, 26 April 2022 at 16:02:28 UTC+7, psi...@gmail.com wrote:

thc...@gmail.com

Apr 29, 2022, 2:14:39 AM
to zaprox...@googlegroups.com
For more details about the configuration file:
https://www.zaproxy.org/docs/docker/baseline-scan/#configuration-file

Best regards.

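
The config file linked above is a plain text rules file for the packaged scans, shown here as an added example that is not from the thread or from the ZAP project. It carries one action per rule (IGNORE, WARN or FAIL) plus OUTOFSCOPE with a URL regex; it has no column for attack strength or alert threshold, so a policy that tunes those needs the Automation Framework plan or the API that Simon mentioned. The shell functions below write such a file, check its format (the packaged scripts split each line on tabs, so a space-separated line is rejected when the scan loads it) and run the full scan in Docker. The rule ids, actions and the out-of-scope regex are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or the ZAP project: a rules file for
# the packaged zap-full-scan.py (passed with -c), plus a format check for it.
# Each non-comment line is TAB-separated: rule id, action, comment. The rule
# ids, actions and the out-of-scope URL regex are illustrative assumptions.
set -e

# Write a rules file to $1. Use real tabs: the packaged scripts split each line
# on '\t', so a space-separated line makes the scan abort while loading.
# Actions: IGNORE | WARN | FAIL say how a rule's alerts are treated;
# OUTOFSCOPE takes a URL regex the rule must not be applied to.
write_scan_rules() {
    {
        echo '# zap-full-scan.py rules file: id<TAB>action<TAB>(name or regex)'
        echo '# a complete default file can be generated with: zap-full-scan.py -t <url> -g gen.conf'
        printf '%s\t%s\t%s\n' 40018 FAIL   '(SQL Injection)'
        printf '%s\t%s\t%s\n' 40012 FAIL   '(Cross Site Scripting (Reflected))'
        printf '%s\t%s\t%s\n' 90020 FAIL   '(Remote OS Command Injection)'
        printf '%s\t%s\t%s\n' 10015 WARN   '(Re-examine Cache-control Directives)'
        printf '%s\t%s\t%s\n' 10096 IGNORE '(Timestamp Disclosure)'
        printf '%s\t%s\t%s\n' 10202 OUTOFSCOPE 'http://target.example/logout.*'
    } > "$1"
}

# Check every non-comment line of $1: id, action and comment/regex separated by
# tabs, a numeric id, a known action and a non-empty third column. Prints the
# offending lines and returns 1 if any were found, else 0.
check_scan_rules() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        # cut -s drops lines with no tab at all, which is exactly the
        # space-separated mistake this check is meant to catch.
        id=$(printf '%s\n' "$line" | cut -s -f1)
        action=$(printf '%s\n' "$line" | cut -s -f2)
        rest=$(printf '%s\n' "$line" | cut -s -f3-)
        case "$id" in ''|*[!0-9]*) echo "bad id (tabs missing?): $line"; bad=1; continue ;; esac
        case "$action" in IGNORE|WARN|FAIL|OUTOFSCOPE) ;; *) echo "bad action: $line"; bad=1; continue ;; esac
        [ -n "$rest" ] || { echo "missing third column: $line"; bad=1; }
    done < "$1"
    return "$bad"
}

# Run the full scan inside the container against $1 with the rules file $2.
# The rules file and the report are resolved relative to the mounted /zap/wrk.
run_full_scan() {
    docker run --rm -v "$(pwd):/zap/wrk/:rw" -t ghcr.io/zaproxy/zaproxy:stable \
        zap-full-scan.py -t "$1" -c "$2" -r full-scan-report.html
}

# Usage:
#   write_scan_rules scan.conf && check_scan_rules scan.conf \
#     && run_full_scan http://target.example scan.conf
```

Starting from the file that -g generates, rather than writing one by hand, keeps the id list in step with the rules actually present in the image; the check above is still worth running on an edited copy, since a stray space instead of a tab is the usual way this file breaks.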