Comments (8)
Hi Anthon,
I'm really keen for ZAP to integrate as well as possible with other tools.
Invoking other apps from ZAP was a start, but the opposite is also very important.
For this to be possible ZAP really needs to either run as a daemon/service or to provide
a library which can be invoked.
I think both are desirable, but a non-trivial amount of work.
Do you have any views on what would be the most effective form of integration for your
set up?
I've been thinking about how ZAP could perform security regression tests for a while
- I'll raise another issue to cover this.
Many thanks,
~Psiinon
Original issue reported on code.google.com by psiinon
on 2011-01-13 09:23:48
from zaproxy.
(No text was entered with this change)
Original issue reported on code.google.com by psiinon
on 2011-01-13 09:24:10
- Labels added: Type-Enhancement
- Labels removed: Type-Defect
Hudson already runs continuously, so in this context, either:
a) treat ZAP as an external app that is invoked via ant task with various command-line
options (e.g., output results to console or a file)
b) treat ZAP as a library; this would require an integration layer similar to existing
third-party build tools, http://wiki.hudson-ci.org/display/HUDSON/Plugins#Plugins-Buildtools;
then makes the results available through the Hudson dashboard
The first option is the simpler of the two. The second option gives ZAP more exposure
as it would be listed in the Hudson plugins directory (on the web and via Hudson's
dashboard).
Original issue reported on code.google.com by anthon.pang
on 2011-01-13 14:23:48
I must admit I prefer the idea of invoking it via the command line - it makes it easier
for integration with other technologies as well.
Wrappers can then be written to enable better integration with tools like Hudson if
that helps.
Thanks,
Psiinon
Original issue reported on code.google.com by psiinon
on 2011-01-13 14:52:37
Upgraded to high, as this is something I'd really like to see in the next release.
Psiinon
Original issue reported on code.google.com by psiinon
on 2011-02-25 16:17:50
- Labels added: Priority-High
- Labels removed: Priority-Medium
ZAP can now be run in the background without the UI using the -daemon option.
It also now provides an API for invoking operations like spidering and scanning sites
and returning info in XML or JSON format.
Needs to be fully documented, but examples include:
View hosts http://zap/xml/core/view/hosts http://zap/json/core/view/hosts
View sites http://zap/xml/core/view/sites http://zap/json/core/view/sites
View urls http://zap/xml/core/view/urls http://zap/json/core/view/urls
View alerts http://zap/xml/core/view/alerts http://zap/json/core/view/alerts
View ascan status http://zap/xml/ascan/view/status http://zap/json/ascan/view/status
View spider status http://zap/xml/spider/view/status http://zap/json/spider/view/status
Action shutdown http://zap/xml/core/action/shutdown http://zap/json/core/action/shutdown
Action save session http://zap/xml/core/action/savesession/?name=apitest http://zap/json/core/action/savesession/?name=apitest
Action load session http://zap/xml/core/action/loadsession/?name=apitest http://zap/json/core/action/loadsession/?name=apitest
Action new session http://zap/xml/core/action/newsession/?name=apinew http://zap/json/core/action/newsession/?name=apinew
Action spider http://zap/xml/spider/action/scan/?url=http://localhost:8080/zap-wave/ http://zap/json/spider/action/scan/?url=http://localhost:8080/zap-wave/
Action ascan http://zap/xml/ascan/action/scan/?url=http://localhost:8080/ http://zap/json/ascan/action/scan/?url=http://localhost:8080
Note that the API is disabled by default - it must be enabled via the Options first.
At the moment all API operations are via GET requests.
This is the first phase of the API work - requests for the next phase gratefully received.
Psiinon
Original issue reported on code.google.com by psiinon
on 2011-05-09 20:01:35
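An added example, not part of the original thread or of ZAP's own code: a build-step script that drives the daemon through the URL scheme listed above (spider, active scan, then read alerts) and fails the job on high-risk findings. The proxy address, the JSON response shapes (`{"status": "<percent>"}` and `{"alerts": [{"risk": ...}]}`) and all function names are assumptions, since the comment does not document them.

```python
import json
import time
import urllib.request
from urllib.parse import urlencode

def api_url(component, kind, op, params=None, fmt="json"):
    """Build http://zap/<fmt>/<component>/<view|action>/<op>, as listed in the thread."""
    if fmt not in ("json", "xml") or kind not in ("view", "action"):
        raise ValueError("fmt must be json/xml and kind must be view/action")
    url = f"http://zap/{fmt}/{component}/{kind}/{op}"
    # Percent-encode parameters so a target URL with its own query string survives.
    return f"{url}/?{urlencode(params)}" if params else url

def http_fetch(url, proxy="http://127.0.0.1:8090"):
    """Assumption: the 'zap' host is reached through the ZAP daemon's proxy
    port; the address here is a placeholder for wherever the daemon listens."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    with opener.open(url, timeout=30) as resp:
        return json.load(resp)

def wait_done(component, fetch, poll, timeout):
    """Poll <component>/view/status; assumed response shape: {"status": "<percent>"}."""
    deadline = time.monotonic() + timeout
    while True:
        if int(fetch(api_url(component, "view", "status"))["status"]) >= 100:
            return
        if time.monotonic() >= deadline:
            raise TimeoutError(f"{component} did not finish within {timeout}s")
        time.sleep(poll)

def regression_scan(target, fetch=http_fetch, fail_on=("High",), poll=2.0, timeout=1800):
    """Spider, then active-scan the target; return alerts whose risk is in fail_on."""
    for component in ("spider", "ascan"):
        fetch(api_url(component, "action", "scan", {"url": target}))
        wait_done(component, fetch, poll, timeout)
    # Assumed response shape: {"alerts": [{"risk": "High", ...}, ...]}.
    alerts = fetch(api_url("core", "view", "alerts")).get("alerts", [])
    return [a for a in alerts if a.get("risk") in fail_on]

if __name__ == "__main__":
    # Target taken from the thread's spider example; a non-zero exit fails the build.
    blocking = regression_scan("http://localhost:8080/zap-wave/")
    for alert in blocking:
        print(f"{alert.get('risk')}: {alert.get('alert')} at {alert.get('url')}")
    raise SystemExit(1 if blocking else 0)
```

The `fetch` parameter is injectable so the gate logic can be exercised against canned responses before pointing it at a running daemon.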
Fixed in release 1.3.0
Original issue reported on code.google.com by psiinon
on 2011-06-07 05:19:16
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.