API testing

71 views
Skip to first unread message

d money

unread,
Apr 15, 2024, 11:40:22 AMApr 15
to ZAP User Group
Hello,
 I'm just getting started api testing with zap. I am using Zap 2.14 in combination with postman. My target api is vampi, an intentional vulnerable api designed for security testing. I have it running on localhost. Postman is proxying the request through zap. The setup seems to be working. I can spider the api and then run an active scan. I see all of the request scrolling the zap. The issue is I'm getting zero alerts. It is an intentionally vulnerable api so I would expect something. Is there a setting somewhere that I'm missing? Maybe a sensitivity setting?

d money

unread,
Apr 15, 2024, 11:45:24 AMApr 15
to ZAP User Group
[SOLVED]
I figured out my problem. I needed to set the context. I did that and it worked. 

Simon Bennetts

unread,
Apr 18, 2024, 4:40:42 AMApr 18
to ZAP User Group
Thanks for letting us know!

Danial hussain

unread,
Apr 18, 2024, 7:02:41 AMApr 18
to ZAP User Group
Hello ;
i am facing this issue
Open ZAP and go for Manual Explore Copy URL and paste it in “URL to explore” Click on Launch Browser but it is showing me error that provided browser not found
although my browser is install on pc both the chrome and firefox

Simon Bennetts

unread,
Apr 18, 2024, 7:03:49 AMApr 18
to ZAP User Group
Please dont ask new questions on unrelated conversations.
Oh, and also check the FAQs before posting: https://www.zaproxy.org/faq/how-can-i-fix-browser-was-not-found/ :)
Reply all
Reply to author
Forward
0 new messages