Comments (6)
One of the AI use cases I see integrating with ZAP is "API sequencing" using only the Swagger file as an input. The starting point would be a Swagger definition file, and the goal would be to generate HTTP calls that simulate real user actions. For example, let's suppose we have an API that manages products; the prompt will ask the LLM to generate API calls to simulate a real user calling these APIs through an SPA, like first creating a product, then viewing the product, viewing all products, searching for a product, and then deleting it, etc. This could be highly beneficial during the crawling stage of an API scan. I would be happy to work on this and mentor the future intern tasked with this integration.
from zaproxy.
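The sequencing idea above can be sketched without the model in the loop. The following is an added example, not ZAP project code and not from the commenter: it flattens a constructed, minimal OpenAPI document for a hypothetical products API into operations, orders them the way a user of an SPA would exercise them (create, view one, list, search, delete), and vets a proposed sequence, such as one an LLM might return, so that only methods and paths the spec actually declares are replayed, and nothing touches an item id before the POST that would create it. The spec, paths and parameter names are all assumptions made for the example.

```python
"""Added example, not ZAP project code: plan a CRUD call sequence from an
OpenAPI definition and validate a proposed (e.g. LLM-generated) sequence
against that definition before a scanner replays it."""
import re
from typing import List, Tuple

# Constructed minimal OpenAPI 3 document for a hypothetical products API.
SPEC = {
    "paths": {
        "/products": {
            "post": {"operationId": "createProduct"},
            "get": {
                "operationId": "listProducts",
                "parameters": [{"name": "q", "in": "query"}],
            },
        },
        "/products/{productId}": {
            "get": {"operationId": "getProduct"},
            "delete": {"operationId": "deleteProduct"},
        },
    }
}

# Lifecycle rank used for ordering: create first, reads next, delete last.
RANK = {"POST": 0, "GET": 1, "PUT": 2, "PATCH": 2, "DELETE": 3}


def operations(spec: dict) -> List[Tuple[str, str, dict]]:
    """Flatten spec paths into (METHOD, path_template, operation) tuples."""
    return [
        (m.upper(), path, op)
        for path, ops in spec["paths"].items()
        for m, op in ops.items()
        if m.upper() in RANK
    ]


def plan_sequence(spec: dict) -> List[str]:
    """Order operations the way a user of an SPA would exercise them."""
    steps = []
    for method, path, op in operations(spec):
        # Item reads (/{id}) come before collection reads; a collection GET
        # that declares query parameters additionally yields a search step.
        item = "{" in path
        steps.append((RANK[method], 0 if item else 1, 0, f"{method} {path}"))
        if method == "GET" and not item:
            qs = [p["name"] for p in op.get("parameters", []) if p.get("in") == "query"]
            if qs:
                steps.append((RANK[method], 1, 1, f"GET {path}?{qs[0]}=<term>"))
    return [s for *_, s in sorted(steps)]


def _template_regex(path_template: str) -> "re.Pattern[str]":
    """Turn /products/{productId} into a regex matching a concrete URL path."""
    parts = re.split(r"\{[^/}]+\}", path_template)
    body = "[^/?]+".join(re.escape(p) for p in parts)
    return re.compile(r"^" + body + r"(\?.*)?$")


def validate_sequence(spec: dict, proposed: List[str]) -> List[str]:
    """Return problems with a proposed sequence of 'METHOD /path' steps.

    A step is rejected if the spec declares no such method/path, or if it
    addresses an item (/{id}) of a collection that no earlier POST created.
    """
    templates = [(m, p, _template_regex(p)) for m, p, _ in operations(spec)]
    created = set()
    problems = []
    for i, step in enumerate(proposed, 1):
        method, _, url = step.partition(" ")
        method = method.upper()
        match = next(((m, p) for m, p, rx in templates
                      if m == method and rx.match(url)), None)
        if match is None:
            problems.append(f"step {i}: {step!r} is not declared in the spec")
            continue
        template = match[1]
        collection = template.split("/{", 1)[0]
        if method == "POST":
            created.add(collection)
        elif "{" in template and collection not in created:
            problems.append(f"step {i}: {step!r} uses an id before any POST {collection}")
    return problems


if __name__ == "__main__":
    for s in plan_sequence(SPEC):
        print(s)
    print(validate_sequence(SPEC, ["DELETE /products/42", "GET /admin/users"]))
```

The planner is the deterministic baseline a model-generated sequence would be compared against; the validator is the part worth keeping regardless of how the sequence is produced, since a crawler that replays whatever the model proposes would otherwise send requests to paths the target never documented.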
https://www.reddit.com/r/AskNetsec/comments/1astsqu/feedback_wanted_a_saasbased_security_tool_with/
from zaproxy.
https://arxiv.org/abs/2402.06664
from zaproxy.
https://medium.com/@danieldkang/llm-agents-can-autonomously-hack-websites-ab33fadb3062 - from one of the authors of the above research
from zaproxy.
Recently Google released an open source AI-powered file type identifier. It could be useful to better infer static file types: https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
I guess a lot of analysts do lose time with false positives.
from zaproxy.
Thanks @TmmmmmR - that's a very good suggestion.
No one is assigned to this (and we were not accepted as a GSoC mentoring org this year) but if you fancy working on this anyway I'd be delighted to have a call with you...
from zaproxy.