Scripted Authentication for ZAP

[Parthiban SG]

Hi Team,

We have onboarded ZAP for scanning our web applications and to perform the scan, we have the context file with encoded password for our form based logins. However, this is a security concern where the encoded password can be cracked easily. Hence, we are looking to switch to scripted authentication to include encryption to our credentials and decrypt it in OWASP ZAP before performing the scan

Can you provide me any scripted authentication if it has been implemented already so that I can reuse them or any informationm towards the scripted auth will be helpful

Thanks

[Simon Bennetts]

Hiya,

If you want authentication support but dont need it right now then the Automation Framework will be the recommended approach.

Thats doesnt currently support authentication but its the next thing on the list.

It provides support for env vars so you'll be able to use those for your passwords.

Cheers,

Simon