Testing

thc202 edited this page Sep 6, 2015 · 4 revisions

Testing ZAP

We have just created a new project, zaproxy-test, for all of the test code related to zaproxy and zap-extensions.

This will include (but is not limited to):

  • Unit Tests for ensuring the intended behavior of individual classes
  • Integration Tests verifying correct interaction between classes or components
  • Supporting classes like builders, matchers etc.

There are also some test scripts that can be used to see how ZAP scores against well-known test applications and sites.

The plan is to steadily increase the number of such tests over time.

Note that these results show how well ZAP does against these tests, rather than giving an overall measure of quality ;)

Completely automated testing will only ever find a subset of vulnerabilities, which is why ZAP provides manual tools as well!

For wavsep results, please see the TestingWavsep page.

TODO: update these results for 2.0.0 :)

| Test app/site | Script | 1.4.0.1 | Trunk | Notes |
|---|---|---|---|---|
| Watcher | script | 26% | 26% | The test pages are now here: http://www.testcases.org/watcher/ |
| WIVET | | 10% | 72% | Trunk - using the Ajax Spider |

Other vulnerable apps / test suites we should test against: