owasp zap with screenReaders

Nguyễn Ngọc Tiến

Aug 11, 2023, 12:12:10 PM
to zaprox...@googlegroups.com
Hi, I have a question about using OWASP ZAP with screen readers.
I'm using JAWS and NVDA, but I can't reach the interface of OWASP ZAP;
the screen readers are very responsive and the features are hard to
use.
So what I want to ask is: is there any way to use the features of
OWASP ZAP without software?
I am doing web development using Python and Node.js. I want to ask if I can
use all the features of OWASP ZAP using the API, or if I can write Python
code for the features myself.
If anyone has ever used Python to test security as well as detect
vulnerabilities of a website, please share your views with me. Thank
you.

psiinon

Aug 11, 2023, 12:17:44 PM
to zaprox...@googlegroups.com
Hi Nguyễn,

ZAP can be automated - for more details see https://www.zaproxy.org/docs/automate/ (I hope our website works ok with screen readers).
The Automation Framework is pretty powerful - it allows you to control ZAP with one yaml file.
The API is even more powerful - it supports nearly all of the ZAP functionality, but it is harder to get started with, especially if you cannot use the ZAP desktop.

If you (or anyone else) can let us know the biggest problems using screen readers with the ZAP UI then we can start to look at them, but it will probably be a long process.

Cheers,

Simon

--
ZAP Project leader

Nguyễn Ngọc Tiến

Aug 11, 2023, 12:31:54 PM
to zaprox...@googlegroups.com
If I want to use the OWASP ZAP API, do I need to install OWASP ZAP on my computer?

psiinon

Aug 11, 2023, 1:13:12 PM
to zaprox...@googlegroups.com
You need to install ZAP somewhere :)

FYI ZAP is no longer part of OWASP. 


Nguyễn Ngọc Tiến

Aug 11, 2023, 1:20:34 PM
to zaprox...@googlegroups.com
Can you guide me in using some basic features via the API, for example
the proxy feature?

psiinon

Aug 14, 2023, 3:39:23 AM
to zaprox...@googlegroups.com
We can try :)

However the API is really designed for automation - I would find it very difficult to use ZAP as a manual security tool just using the API.
You could use the API to create a web based UI for ZAP that is more accessible.
We would like to do that but do not have enough volunteers to take it on.

Re proxying via ZAP, the main changes you need to make are to the app you want to proxy, e.g. your browser.
Browsers launched by ZAP are set up correctly, but I don't think we have API calls to launch browsers yet.
You will need to configure your browser as per https://www.zaproxy.org/docs/desktop/start/proxies/

In order to see the requests proxied through ZAP use the "core" message views, e.g.



--
ZAP Project leader
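
An added example, not part of the thread and not ZAP's own code: reading the "core" messages view mentioned in the last reply from Python and reducing it to one plain-text line per proxied request, which suits a terminal and a screen reader. It assumes ZAP is listening on its default `localhost:8080` with a placeholder API key; the function names are hypothetical and the sample response is constructed.

```python
import json
import urllib.parse
import urllib.request

ZAP_ADDR = "http://localhost:8080"  # assumption: ZAP's default local address
API_KEY = "CHANGE-ME"               # placeholder: the key configured in your ZAP


def messages_url(zap_addr=ZAP_ADDR, baseurl=None, count=None):
    """Build the URL for ZAP's core/view/messages JSON endpoint."""
    params = {}
    if baseurl:
        params["baseurl"] = baseurl   # only messages under this URL
    if count:
        params["count"] = str(count)  # limit how many are returned
    query = "?" + urllib.parse.urlencode(params) if params else ""
    return f"{zap_addr}/JSON/core/view/messages/{query}"


def summarize(payload):
    """Turn the view's JSON into one short text line per message."""
    lines = []
    for msg in json.loads(payload).get("messages", []):
        request_line = msg["requestHeader"].split("\r\n", 1)[0]
        method, url = request_line.split(" ")[:2]
        status_line = msg.get("responseHeader", "").split("\r\n", 1)[0]
        parts = status_line.split(" ")
        status = parts[1] if len(parts) > 1 else "no response"
        lines.append(f"{msg['id']}: {method} {url} -> {status}")
    return lines


def fetch_summary(baseurl=None, count=None):
    """Query a running ZAP instance and return the summary lines."""
    req = urllib.request.Request(messages_url(baseurl=baseurl, count=count),
                                 headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return summarize(resp.read().decode("utf-8"))


# Constructed sample of the view's response, so the parser runs without ZAP.
SAMPLE = json.dumps({"messages": [
    {"id": "1", "requestHeader": "GET http://localhost:3000/ HTTP/1.1\r\nHost: localhost:3000\r\n\r\n",
     "responseHeader": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"},
    {"id": "2", "requestHeader": "POST http://localhost:3000/login HTTP/1.1\r\nHost: localhost:3000\r\n\r\n",
     "responseHeader": ""},
]})

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

With ZAP running and a browser or HTTP client proxied through it, `fetch_summary(baseurl="http://localhost:3000")` returns the same kind of lines for live traffic.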