Add OWASP ZAP adapter to gauntlt #47
Comments
I've created a basic ZAP plugin for Minion which shows the sort of things you can do with ZAP: https://github.com/ygjb/minion/blob/master/plugins/zap_plugin/minion/plugins/zap_plugin.py |
Thanks for the input Simon. I think it would be fairly straightforward to use the REST API for ZAP within gauntlt. The attack file would specify the URL of a running ZAP server and then send requests to it. One other interesting option is to use JRuby. Since we last discussed ZAP integration, we have added full JRuby support to Gauntlt, which allows us to require and call Java code natively. We are doing a little of this direct Java integration already in scapegoat, one of the support tools we use for testing gauntlt itself: Look forward to working with you to add ZAP support in the coming weeks! |
I've been struggling to find any time to look at this :( |
Awesome! Thanks, @psiinon Sent from my iPhone On Dec 17, 2012, at 4:00 AM, psiinon notifications@github.com wrote:
|
@psiinon I have the goal of adding 15 new tools into gauntlt by Oct 1. Would love to get ZAP in. You still have someone interested in working on the integration. I don't mind stubbing in the first rev of the attack adapter and a couple default attack aliases, but would love to get some ZAP experts to customize the integration. You game? |
I'll double check with them. |
Hi! Was ZAP integration in Gauntlt done? Thanks! |
We need to revisit this, closing for now and we may prioritize ZAP. What is the interest here? |
It's open source, cross platform, and supports JSON & XML via a REST API.
Under very active development, and I'm very happy to enhance it to make it easier to integrate with gauntlt or any other security tool.
It scores 100% XSS detection on wavsep.