Can ZAP handle OAuth authentication before accessing the website?


Christine Susuki

Jul 25, 2023, 4:55:57 AM
to zaprox...@googlegroups.com
Dear Group,

I am trying to use ZAP to scan a website (e.g. https://test.com), but if I want to enter or browse the target website (https://test.com), I have to authenticate. The target website is using OAuth, so I have to authenticate on another website (e.g. https://auth.com) with a unique nonce and state in every request.

So when I use the spider scan to scan the target URL (https://test.com), I can only get several results since I didn't authenticate to access the website. Can ZAP handle this type of situation?
 
Thanks in advance for your help

psiinon

Jul 25, 2023, 5:00:38 AM
to zaprox...@googlegroups.com


--
OWASP ZAP Project leader