Form and JSON based authentication

Julia Khanbekova

Jan 25, 2025, 5:02:31 PM
to ZAP User Group
Hi, Simon!

Help me with questions:
1. What is the difference between JSON and form based authentication in ZAP? How can I understand which one my scanned resource uses?
2. I scanned with form based authentication via ZAP Desktop and also passed the loginRequestBody parameter.
At the same time, when authorizing in my resource, I receive a JWT token. Can this be considered JSON form authentication? And if so, why did the scan via form based authentication pass successfully?

Simon Bennetts

Jan 28, 2025, 9:22:00 AM
to ZAP User Group
Hiya,

Let's start with the similarities first :)
They are both "old" authentication mechanisms which will typically not work (well) with modern web apps.
For anything to do with authentication you should start here: https://www.zaproxy.org/docs/authentication/
FYI we are working very actively in this area, so watch out for more announcements on this group.

Cheers,

Simon