Thanks for the direction - it has taken me awhile but I'm slowly getting my site tree in the right "form" that my application requires for it to be tested thoroughly by ZAP. I do have a follow up question though.
I'm using dummy data in this example, obviously, but it directly reflects what my application is currently doing.
There are no query params but the list of form params with dummy data is as follows (Parameter Name: Value):
dataSource: AnimalSearch
dataSourceType: dbXML
anotherParam: a
differentParam: b
params: {some json}
In this case, the dataSource value drives what stored procedure I am calling so I have cued off of that to make sure my site tree has all the different flavors of dataSource to test:
- http://mywebapp.com
- sites
- src
- index.aspx?
- POST(AnimalSearch)(dataSource, dataSourceType, anotherParam, differentParam, varFromJson1, varFromJson2)
- POST(FruitSearch)(dataSource, dataSourceType, anotherParam, differentParam, varFromJson1, varFromJson2)
- POST(AddAnimal)(dataSource, dataSourceType, anotherParam, differentParam, varFromJson1, varFromJson2)
What I am wondering is, since the correct stored procedure will not be called without a valid dataSource (and possibly dataSourceType), would it make sense NOT to inject any values for those parameters to make sure the call to the SP is valid? I think injecting values for dataSource still needs to be done to be thorough, and I would plan to do that once for the path to cover that scenario. Any thoughts? Hopefully this question makes sense...still new to all this stuff!