OWASP ZAP - a list of error messages - zap

Where in the ZAP source code can I find a list or template of response errors like MySQL-Error or PHP-Error from test sites? Not the problems mentioned by ZAP in the results.

The ZAP active scan rules are defined in the following locations, depending on the status of the relevant rules:
Release quality: master/src/org/zaproxy/zap/extension/ascanrules
Beta quality: branches/beta/src/org/zaproxy/zap/extension/ascanrulesBeta
Alpha quality: branches/alpha/src/org/zaproxy/zap/extension/ascanrulesAlpha
For future reference, we may restructure the repo, in which case all of the rules might end up in the master or maybe develop branch.
For more details about the active rules see http://zaproxy.blogspot.fr/2014/04/hacking-zap-4-active-scan-rules.html
You can also ask specific questions on the ZAP developer group: https://groups.google.com/group/zaproxy-develop

Related

How to automate fuzzing in ZAP?

We have a requirement as below to automate in ZAP
Go through POST request in ZAP tool
Identify values which got posted in Request tab
Highlight the value passed(for example: to textarea field) and right click > goto Fuzzer
Choose required injections like SQL Injection or RDF Injection etc.,
Add payload
Start fuzzer
Expected result would be to generate a comparison report of request before and after fuzzing is done.
Can this be automated in ZAP?
Currently the Fuzzer doesn't have a web API, largely due to the fact that we're lacking user input on how such functionality should work and what their expectations for it might be.
Here's the existing issue you should provide your feedback on: https://github.com/zaproxy/zaproxy/issues/1689
There is an unfinished PR adding an initial implementation, you could pull the PR branch and build the add-on for testing purposes and to potentially encourage the submitting user to complete it: https://github.com/zaproxy/zap-extensions/pull/2222

how to find a username with the github api

I've made an application that creates pull requests to update the dependencies in all of my org's repos when the repo "Alpha" gets a new tag. The process is triggered by our CI flow on Alpha. Other engineers here would like to upgrade this application so that whoever made the tag is also automatically added as a requested reviewer to all of the associated pull requests. I do not see any way to do this with the github REST api. So far I have:
GET tag by name -> tag object sha
GET tag (with obj sha) -> tagger name & tagger email
*************GAP**************
POST requested reviewer (with username) -> completed!
I can't see any good way to get a username from the REST API with the name and/or email. I could query commits from Alpha and filter them, BUT "person who tagged" != "person who made last commit", AND I know that at least one of our more prolific taggers is sometimes logged in from different emails (web vs CLI vs home machine, etc.), so the app might miss them from time to time.
I think it may be possible to get what I want via the GraphQL api, but I'd really like to exhaust REST possibilities before I go down that road. Please shoot any ideas my way!
After gathering more information, it looks like it's possible, and even slightly more elegant than I anticipated. If I have the name of the tag (the 'ref'), I can get a specific commit with that rather than the SHA. The response for this commit includes author information that gives the login. I can then use this along with the pull number to request a reviewer.
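The two REST calls the self-answer describes, wired together, as an added example that is not code from the question or its answer. It assumes Node 18+ (global fetch) and a token with repo scope; owner, repo, tag names and the PR number are hypothetical placeholders, and it also handles the case the answer does not mention: a commit whose author e-mail is linked to no GitHub account.

```javascript
// Added example (not from the original post): resolve the tagger's login from
// the tag ref via the commits endpoint, then request them as a PR reviewer.
// Assumes Node 18+ (global fetch) and a token with repo scope; owner, repo,
// tag and PR number used below are hypothetical placeholders.
const API = "https://api.github.com";

function ghHeaders(token) {
  return { Accept: "application/vnd.github+json", Authorization: "Bearer " + token,
           "X-GitHub-Api-Version": "2022-11-28" };
}

// GET /repos/{owner}/{repo}/commits/{ref}: {ref} may be a tag name, so no separate
// tag-object lookup is needed. `author` is the GitHub account linked to the author
// e-mail and is null when no account matches (e.g. an unlinked CLI e-mail).
async function taggerLogin(fetchFn, token, owner, repo, tag) {
  const url = API + "/repos/" + owner + "/" + repo + "/commits/" + encodeURIComponent(tag);
  const res = await fetchFn(url, { headers: ghHeaders(token) });
  if (!res.ok) throw new Error("commit lookup failed: HTTP " + res.status);
  const commit = await res.json();
  return commit.author ? commit.author.login : null;
}

// POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers
// (a login that is not a collaborator on the repo is answered with 422).
async function requestReviewer(fetchFn, token, owner, repo, pullNumber, login) {
  const url = API + "/repos/" + owner + "/" + repo + "/pulls/" + pullNumber + "/requested_reviewers";
  const res = await fetchFn(url, { method: "POST", body: JSON.stringify({ reviewers: [login] }),
                                   headers: Object.assign({ "Content-Type": "application/json" }, ghHeaders(token)) });
  if (!res.ok) throw new Error("review request failed: HTTP " + res.status);
  return res.status; // 201 Created
}

async function addTaggerAsReviewer(fetchFn, token, owner, repo, tag, pullNumber) {
  const login = await taggerLogin(fetchFn, token, owner, repo, tag);
  if (login === null) return null; // let the caller fall back to a default reviewer
  await requestReviewer(fetchFn, token, owner, repo, pullNumber, login);
  return login;
}

// Constructed stand-in for fetch so the example runs offline; it answers the two
// endpoints above for hypothetical tags v1.2.3 (linked author) and v1.2.4 (unlinked).
function fakeFetch(url, opts) {
  const reply = (status, body) => Promise.resolve({ ok: status < 400, status, json: () => Promise.resolve(body) });
  if (url.endsWith("/commits/v1.2.3")) return reply(200, { sha: "0000000", author: { login: "alice" } });
  if (url.endsWith("/commits/v1.2.4")) return reply(200, { sha: "1111111", author: null });
  if (opts && opts.method === "POST" && url.endsWith("/requested_reviewers")) return reply(201, {});
  return reply(404, { message: "Not Found" });
}
```

Against the real API, call `addTaggerAsReviewer(fetch, process.env.GITHUB_TOKEN, owner, repo, tag, pullNumber)` in place of `fakeFetch`.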

ZAP: Mix manual browsing, active scanning and fuzzing for testing a very large Web application?

We've got a very large Web application with about 1000 pages to be tested (www.project-open.com, a project + finance management application for service companies). Each page may take multiple parameters (object-id, filters, column name to use for sorting, ...). We are now going to implement additional security checks on these parameters, so we need to systematically test that a) offensive parameter values are rejected and b) that the parameter values actually used by the application are accepted correctly.
Example: We might want to say that the sort_column parameter in a page should only consist of alphanumeric characters. But the application in reality may include a column name with a space in it, leading to a false positive security alert (space character not being an alphanumeric character).
My idea for testing this would be to 1) manually navigate to each of these pages in proxy mode, 2) tell ZAP to start spidering all links on this page for one or two levels and 3) tell ZAP to start fuzzing on these URLs.
How can this be implemented? I've got a basic understanding of ZAP and did some security testing of ]project-open[. I've read about a ZAP extension for scanning a list of URLs, but in our case we want to execute some specific ZAP actions on each of these URLs...
I'll summarise some of your options:
I'd start by using the ZAP desktop so that you can control it and see exactly what effect it has. You can launch a browser, explore your app and then active scan the URLs you've found. The standard spider will explore traditional apps very effectively, but apps that make a lot of use of JavaScript will probably require the AJAX spider.
You can also use the 'attack mode', which attacks everything that is in scope (which you define) that you proxy through ZAP. That just means ZAP effectively follows what you do and attacks anything new. If you don't explore part of your app then ZAP won't attack it.
If you want to implement your own tests then I'd have a look at creating scripted active scan rules. We can help you with those but I'd just start with exploring your app and running the default rules for now.
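What a scripted active scan rule for the asker's parameter check could look like, as an added example that is not code from the answer or from ZAP. It is the "Active Rules" script type in JavaScript: each request is re-sent with a non-alphanumeric value in one parameter and an alert is raised when the app still answers 200, meaning the value passed validation. PROBE, the alert text and the offline harness are assumptions; scanNode/scan and the as/msg calls are the hooks ZAP exposes to such scripts.

```javascript
// Added example, not ZAP's own code: scripted active scan rule that checks whether
// a parameter accepts a non-alphanumeric value. PROBE and the alert text are
// assumptions; scanNode/scan, as.* and msg.* are the hooks ZAP gives active scripts.
var PROBE = "zap probe<>"; // space and angle brackets: not alphanumeric

function scanNode(as, msg) {
  // Nothing to do per node; every check here is per parameter, in scan().
}
function scan(as, msg, param, value) {
  if (as.isStop()) return;
  msg = msg.cloneRequest(); // never modify the message stored in the Sites tree
  as.setParam(msg, param, PROBE);
  as.sendAndReceive(msg, false, false); // no redirects, no anti-CSRF handling
  var status = msg.getResponseHeader().getStatusCode();
  if (status == 200) { // expected: a 4xx rejecting the value
    as.raiseAlert(1, 2, "Non-alphanumeric parameter value accepted",
      "Parameter '" + param + "' accepted a value containing a space and '<>'.",
      msg.getRequestHeader().getURI().toString(), param, PROBE,
      "Value seen during exploration: " + value,
      "Reject non-alphanumeric input for this parameter, or allow-list the exact values the app needs.",
      "HTTP " + status, 20, 20, msg); // risk Low, confidence Medium, CWE-20, WASC-20
  }
}

// Constructed offline harness (not ZAP): minimal as/msg stand-ins plus a fake
// server that validates only the parameters listed in strictParams.
function fakeScan(params, strictParams) {
  var alerts = [];
  var as = {
    isStop: function () { return false; },
    setParam: function (m, p, v) { m.params[p] = v; },
    sendAndReceive: function (m) {
      var rejected = Object.keys(m.params).some(function (p) {
        return strictParams.indexOf(p) >= 0 && !/^[A-Za-z0-9]+$/.test(m.params[p]);
      });
      m.status = rejected ? 400 : 200;
    },
    raiseAlert: function () { alerts.push(arguments[5]); } // record the parameter name
  };
  var msg = {
    params: Object.assign({}, params), status: 0,
    cloneRequest: function () { var c = Object.create(this); c.params = Object.assign({}, this.params); return c; },
    getResponseHeader: function () { var s = this; return { getStatusCode: function () { return s.status; } }; },
    getRequestHeader: function () { return { getURI: function () { return "http://app.example/page"; } }; }
  };
  Object.keys(params).forEach(function (p) { scan(as, msg, p, params[p]); });
  return alerts;
}
```

In ZAP, only the rule part (PROBE, scanNode, scan) goes into the script; the harness exists so the logic can be exercised without a running proxy.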

Bitbucket - Add default task when creating a pull request

I am looking into improving the workflow my colleague and I are using for BitBucket. Something that is often forgotten is the documentation for the feature we are working on, therefore I thought a good way to 'don't forget' would be to add a Task as soon as a Pull Request is created for a particular branch.
The first thing a developer should do after creating the Pull Request would be:
- Add a comment, something like WIP (Work in Progress)
- Create a task underneath, something like 'Add documentation'
In this way, we won't be able to 'Merge' the branch into 'Develop' if all tasks are not completed (this is how it is currently configured).
Rather than having the developer do so, it would be good if we could have the system do so as soon as we create the Pull Request.
Is that possible?
I had searched on the Internet; to be honest I didn't understand if that functionality comes with the Premium package or if it is an Add-On... who knows.
Thanks :)
Atlassian recently added a 'Default Pull Request Tasks' feature to Bitbucket Cloud.
The same functionality was previously available as a Bitbucket app, but it was removed in May 2020. It's now a native feature.
Product announcement: https://bitbucket.org/blog/bitbucket-cloud-product-updates-august-2022
Feature details: https://bitbucket.org/blog/default-pull-request-tasks
You can try this. It is free for 30 days.
https://marketplace.atlassian.com/apps/1225598/default-tasks-for-pull-requests?tab=pricing&hosting=datacenter
I did not find any free solutions.

Gatling login logout test

I am using Gatling for the first time and I am stuck with such a task.
I need to provide working code for the following scenarios; I don't know how to describe logging in/out.
Basic flow: user1 logs in > continues to landing page > navigates through pages
Flow 2: user2, which is already logged in, is downloading some pages
Flow 3: user1 and user2 are logging in and out about 500 times each during 10 minutes.
You can use "Scenarios" and "Chain" them.
Each flow you are mentioning will become a scenario.
To give you a hint:
Start with defining User Requests, for example: Login, Logout, Go To Landing Page, Navigate Some Pages, Download Something etc.
val loginRequest = exec(http("Login").get(...))
Then define Scenarios like:
val basicFlow = scenario("My basic flow").exec(loginRequest).exec(browseRequest).exec(logout)
val flow2 = scenario("My 2nd Flow").exec(loginRequest).exec(browseRequest).exec(downloadRequest).exec(logout)
Then you can chain your scenarios in Simulation/setUp like:
setUp(basicFlow.inject(atOnceUsers(1)), flow2.inject(rampUsers(20) over (3 minutes)))
You can then improve the load (setUp method), loop your requests etc.
The Gatling Documentation is a good place to start. The following pages will help elaborate more on what I explained briefly above:
More about Scenarios and Control flows like repeat etc.
Simulation and Load setup
If all this seems overwhelming, I would suggest you start by recording your individual scenarios and then refactor the generated code.
Once you are familiar with the concepts, you can try their helpful Cheatsheet
Edit#1
Gatling has restructured their documentation; I have updated the links. Please note that the code is as of Gatling 2.0.3, the current version is 2.3, so it might not work out of the box, but the concept remains the same.