From 3dfa987055cb90d76ba64338e52b2ed7bf5ad1b9 Mon Sep 17 00:00:00 2001
From: kingthorin
Date: Mon, 6 Oct 2025 08:11:52 -0400
Subject: [PATCH] Added testfire AF plan

Signed-off-by: kingthorin
---
 other/CHANGELOG.md | 3 ++
 other/af-plans/FullScanTestfireAuth.yaml | 59 ++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 other/af-plans/FullScanTestfireAuth.yaml
diff --git a/other/CHANGELOG.md b/other/CHANGELOG.md
index efd9973b..83a734df 100644
--- a/other/CHANGELOG.md
+++ b/other/CHANGELOG.md
@@ -3,6 +3,9 @@ All notable changes to the 'other' section of this repository will be documented
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+### 2025-10-06
+- Added af-plans/FullScanTestfireAuth.yaml
+
 ### 2025-10-03
 - Added af-plans/FullScanCrApiAuth.yaml and more import job examples to af-plans/ApiScanExample.yaml
 - Changed auth AF plans to use seconds instead of requests for pollUnits.
diff --git a/other/af-plans/FullScanTestfireAuth.yaml b/other/af-plans/FullScanTestfireAuth.yaml
new file mode 100644
index 00000000..902f6cc2
--- /dev/null
+++ b/other/af-plans/FullScanTestfireAuth.yaml
@@ -0,0 +1,59 @@
+---
+# A simple plan for performing an authenticated scan against Testfire (AltoroJ).
+#
+env:
+ contexts:
+ - name: testfire
+ urls:
+ - https://demo.testfire.net
+ includePaths:
+ - https://demo.testfire.net.*
+ authentication:
+ method: browser
+ parameters:
+ loginPageUrl: https://demo.testfire.net/login.jsp
+ browserId: firefox-headless
+ loginPageWait: 2
+ verification:
+ method: poll
+ loggedInRegex: \Q 200 OK\E
+ loggedOutRegex: \Q 302 Found\E
+ pollFrequency: 60
+ pollUnits: seconds
+ pollUrl: https://demo.testfire.net/bank/main.jsp
+ pollPostData: ""
+ sessionManagement:
+ method: headers
+ users:
+ - name: jsmith
+ credentials:
+ password: demo1234
+ username: jsmith
+ parameters: {}
+jobs:
+- type: openapi
+ parameters:
+ apiUrl: https://demo.testfire.net/swagger/properties.json
+ context: testfire
+ user: jsmith
+- type: spider
+ parameters:
+ context: testfire
+ user: jsmith
+ url: https//demo.testfire.net
+- type: passiveScan-wait
+ parameters: {}
+- type: activeScan
+ parameters:
+ context: testfire
+ user: jsmith
+ policy:
+ policyDefinition:
+ defaultStrength: medium
+ defaultThreshold: medium
+- parameters:
+ template: "modern"
+ reportTitle: "ZAP Scanning Report"
+ reportDescription: ""
+ name: "report"
+ type: "report"
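Review bot: The spider job's `url: https//demo.testfire.net` is missing the colon after the scheme, so the spider is seeded with a malformed URL rather than the site the `testfire` context defines; it should read `url: https://demo.testfire.net`. The openapi and activeScan jobs only reference `context: testfire`, so the typo appears to affect just the spider seed, though the collapsed indentation in this hunk makes the exact nesting hard to confirm from here. I would also add a comment above `credentials:` such as `# jsmith/demo1234 is the Testfire demo account; do not copy plaintext passwords into plans for real targets` so the inline password is read as a demo-site convenience rather than a pattern to reuse.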