Scanning an app with Single URL


sparry

Feb 25, 2022, 5:33:57 AM
to OWASP ZAP User Group
Hi, I hope someone can help out with this. We have a web app that only uses a single URL, as all navigation etc. goes through a navigation servlet.

So each page shows as https://domainname/product/nav

I'm trying to find some way to scan the application, navigate through pages etc to pick up any vulnerabilities.

I'm new to ZAP and couldn't find any references to this; they all seem to expect URLs with JSP names in them.


Thanks all.

kingthorin+owaspzap

Feb 25, 2022, 6:40:48 AM
to OWASP ZAP User Group
Sounds like you probably need to define structural parameters.

Simon Bennetts

Feb 25, 2022, 6:45:37 AM
to OWASP ZAP User Group
You will also need to explore the app using a good set of unit tests proxied through ZAP and/or the Ajax Spider: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/

Cheers,

Simon

sparry

Feb 25, 2022, 7:17:32 AM
to OWASP ZAP User Group
Thank you both for the prompt response, I will go through those links.

Regards