ZAP API SCAN Config file


Sudheendra Singh

Dec 9, 2019, 10:41:26 AM
to OWASP ZAP User Group
Hi,
  I am able to run the zap-api-scan.py. However, I want to make the scans much more intensive, and apparently this needs a tweak in the config file. Does someone have a sample config file I can reuse?

Cheers,
Sudhi

Peter Hauschulz

Dec 10, 2019, 2:39:25 AM
to OWASP ZAP User Group
Hi!

I'm not sure exactly how much the default covers, but it looks like this page lists all of the options, so you could start by copying this:

Sudheendra Singh

Dec 11, 2019, 7:05:10 AM
to zaprox...@googlegroups.com
Hi,
   I have managed to create a policy file but I am unable to figure out how to use it to override the API-Minimal policy. I tried the volume definition suggested at https://github.com/zaproxy/zaproxy/issues/4354 but still the scan picks the API-MINIMAL policy file.
I see the below in the log:
Active Scan http://service:8080 with policy API-Minimal

Please can someone let me know the best way to use a custom policy and override the API-MINIMAL policy? 

Cheers,
Sudhi
 

--
Regards,
Sudheendra.N.Singh
07872067281

Sudheendra Singh

Dec 11, 2019, 9:13:18 AM
to OWASP ZAP User Group
Hi,
  I am able to now use a custom config file and do the scan.



Peter Hauschulz

Dec 11, 2019, 9:19:18 AM
to OWASP ZAP User Group
What did you do to fix it? :)

Sudheendra Singh

Dec 11, 2019, 11:15:25 AM
to OWASP ZAP User Group
I was trying to configure a policy file (.policy) earlier but now have configured a config (.conf) file. Both files are attached.

I still need help to figure out how to tell the docker image to use a custom policy file.
apimax.policy
apimax.conf