Parameterizing Zap Context file
69 views
Skip to first unread message
Kit Lykos
Jun 3, 2024, 1:53:03 PM6/3/24
to ZAP User Group
I picked up a project recently working to get Zap scans running against our site. We used the tool to generate a context file and it works fine, unless we try to pass the environment name in. We had done that in the past but we cannot seem to get it working currently. We want to be able to run the tool for jobs as we need, so passing the name in is necessary.
I changed the ingress web link to include the environment as part of the address. It still ingests it but says it can't be found (though it's the right address that works when hard coded, so it does look like the variable is being applied to the file) and we verified it was actually ingesting the context file, it errors on the web link part as far as we can tell. It doesn't seem to use the authentication information at that point, which leads to the failure as it's trying to log in a different way which won't work for our testing purposes.
I changed the ingress web link to include the environment as part of the address. It still ingests it but says it can't be found (though it's the right address that works when hard coded, so it does look like the variable is being applied to the file) and we verified it was actually ingesting the context file, it errors on the web link part as far as we can tell. It doesn't seem to use the authentication information at that point, which leads to the failure as it's trying to log in a different way which won't work for our testing purposes.
Simon Bennetts
Jun 6, 2024, 4:39:40 AM6/6/24
to ZAP User Group
Hiya,
For the best way to handle your authentication requirements see https://www.zaproxy.org/docs/authentication/
For non trivial automation you should look at the Automation Framework rather than generating your own ZAP contexts: https://www.zaproxy.org/docs/automate/automation-framework/
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages