Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0
Latest commit 915cc62 Dec 12, 2019
Files (name, latest commit message, commit time):

  • images
  • orig_session: Added ZAP Sessions (Jan 24, 2018)
  • temp_session: Added empty file to temp_session (Jan 25, 2018)
  • .gitignore: Changed README (Jan 14, 2018)
  • .python-version: Initial Commit (Jan 9, 2018)
  • OWASP ZAP API Mini Workshop.ipynb
  • README.md: Changes to README (Dec 12, 2019)
  • ZAP Sessions.ipynb: Ensured compatibility with python 3 (3.6.1 used) (Dec 12, 2019)
  • requirements.txt: Added new requirements file (Dec 12, 2019)

README.md

The Running OWASP ZAP 2.8.0 Automation and Scripting Workshop

Objective

I was really impressed by Kelsey Hightower's "Learn Kubernetes the Hard Way". I really wanted to come up with something as simple and effective as that for one of my favorite DAST tools, OWASP ZAP. Instead of making presentations that tend to be theoretical, rather boring and difficult to version manage and control, I decided to go the IPython Notebook route, where this could be an interactive experience and a running tutorial of sorts.

The idea is to have a running interactive, totally hands-on, no-Death-by-Powerpoint :) training on OWASP ZAP Automation and Scripting.

Please feel free to reach out for comments/requests on:

Thanks

  • I would like to thank the OWASP ZAP Development team led by Simon Bennetts for their great work with ZAP. It's probably the most powerful security tool for the Continuous Delivery Pipeline.
  • I would like to thank my own team at we45 for their work in integrating scanners and DevSecOps pipelines for our clients.

Instructions

Requirements

  • Download ZAP 2.8.0 from here
  • Python 3.6.1
  • Docker

Install Instructions

  • Clone the repository: git clone https://github.com/we45/ZAP-Mini-Workshop
  • I'd highly recommend using a virtualenv here
    • cd ZAP-Mini-Workshop
    • virtualenv zap
    • source zap/bin/activate
  • Install requirements: pip install -r requirements.txt or pip3 install -r requirements.txt depending on how you are managing Python versions on your machine
  • Start the IPython Notebook with jupyter notebook. This should start the notebook and your default browser should automatically redirect you to the IPython Notebook
  • Open the OWASP ZAP API Mini Workshop.ipynb, by clicking on it.
  • Install Docker if not already installed on your laptop. Pull image with this command: docker pull abhaybhargav/vul_flask
  • Run the Docker container with the command: docker run -p 5050:5050 abhaybhargav/vul_flask. You can optionally add -d to run it as a detached process

Update - 24 Jan 2018

  • Added Automation for ZAP with Stored ZAP Sessions.
  • This can be accessed in the ZAP Sessions notebook
  • Open the ZAP Sessions.ipynb, by clicking on it.

Update - December 12 2019

  • Upgraded to OWASP ZAP v 2.8.0
  • Tested Compatibility with Python 3
  • Added nbstripout library for Output reduction