Scanning a REST API


il...@balink.net

Jun 20, 2016, 6:52:50 AM
to OWASP ZAP User Group
Hi all,

I need to scan a REST API.

What is the best way to do it?

Thanks

Simon Bennetts

Jun 20, 2016, 7:56:16 AM
to OWASP ZAP User Group
The first problem with REST APIs is how to explore them.
The best option is a good set of regression tests that use network connections - do you have anything like that?
If not, do you have an API definition, and if so in what form?

Cheers,

Simon

Matt Seil

Jun 20, 2016, 12:05:44 PM
to zaprox...@googlegroups.com
What Simon says is correct. Since there are no "links in a page" as there are for a typical web application, a REST API is going to rely upon some kind of tool interacting with the web service through ZAP. I've used SoapUI tests for stuff like that in the past; JMeter scripts, if available, can also accomplish this.


kingthorin+owaspzap

Jun 20, 2016, 1:24:30 PM
to OWASP ZAP User Group
I know I've heard people talking of using Chrome and an extension called Postman for REST API functional testing, which could be proxied through ZAP.
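The approach the replies describe, driving the API with scripted calls sent through ZAP so that every endpoint appears in its history, as an added example that is not part of the original thread. The proxy address `127.0.0.1:8080`, the host `api.example.test` and the `/api/users` endpoints are assumptions; `start_recording_proxy` is a constructed stand-in for ZAP so the script runs offline.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ZAP_PROXY = "http://127.0.0.1:8080"    # assumption: ZAP's local proxy listener
API_BASE = "http://api.example.test"   # hypothetical API under test
CALLS = [                              # constructed sample regression calls
    ("GET", "/api/users", None),
    ("POST", "/api/users", {"name": "alice"}),
    ("PUT", "/api/users/1", {"name": "bob"}),
    ("DELETE", "/api/users/1", None),
]

def drive_api(base_url, proxy_url, calls=CALLS):
    """Send every call via the proxy so each endpoint lands in its history."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy_url}))
    results = []
    for method, path, body in calls:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base_url + path, data=data, method=method,
            headers={"Content-Type": "application/json"})
        with opener.open(req, timeout=5) as resp:
            results.append((method, path, resp.status))
    return results

def start_recording_proxy():
    """Stand-in for ZAP so the example runs offline: records, never forwards."""
    seen = []
    class Recorder(BaseHTTPRequestHandler):
        def _record(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            seen.append((self.command, self.path))  # path is the absolute URL
            self.send_response(200)
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"{}")
        do_GET = do_POST = do_PUT = do_DELETE = _record
        def log_message(self, *args):  # keep the console quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Recorder)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, seen

if __name__ == "__main__":
    server, seen = start_recording_proxy()
    drive_api(API_BASE, "http://127.0.0.1:%d" % server.server_address[1])
    print("\n".join("%s %s" % entry for entry in seen))
```

Calling `drive_api` with `ZAP_PROXY` and the real base URL puts the same requests into ZAP's history, where they can then be scanned. For an HTTPS API, add an `"https"` entry to the proxy mapping and trust ZAP's root CA certificate.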