RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API

Its core engine is OWASP ZAP Proxy (https://owasp.org/www-project-zap/). Building on the ZAP container, this project adds the following:
- Easy automation of API scanning based on an OAS definition (fully CLI-driven, configured through YAML)
- Users can create their own custom rules via YAML files
- XML, HTML and JSON report generation
Either podman or docker is required.
For podman:
$ pip3 install podman-compose
$ podman pull docker.io/owasp/zap2docker-stable
- Get a URL for the OAS3 definition file
- Get a URL for the target API
- Create config.yaml containing both URLs and place it in config/
- The zaproxy container must be running (start it with either runenv.sh or runenv-debug.sh)
$ ./runenv.sh
Then run the following in the project root directory:
$ test/scan-example-with-podman.sh
When a scan completes, its report is written to the results/ directory.
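As an added example (not part of RapiDAST or ZAP), a small pre-flight check for the first two steps above: it confirms the OAS definition really is OpenAPI 3.x, lists the operations a scan driven by that definition will exercise, and flags any server URL in the document whose scheme/host differs from the configured target API URL. The OAS document and URLs below are constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample OAS3 document (stands in for the file fetched in step 1).
SAMPLE_OAS = json.dumps({
    "openapi": "3.0.3",
    "info": {"title": "Demo API", "version": "1.0"},
    "servers": [{"url": "https://api.example.test/v1"}],
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{id}": {"get": {}, "delete": {}},
        "/health": {"get": {}},
    },
})

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def parse_oas3(doc_text):
    """Parse a JSON OAS document and reject anything that is not OpenAPI 3.x
    (a Swagger 2.0 file would be silently mis-imported or fail later)."""
    doc = json.loads(doc_text)
    version = str(doc.get("openapi", ""))
    if not version.startswith("3."):
        raise ValueError(f"not an OpenAPI 3 document (openapi={version!r})")
    return doc


def scan_surface(doc):
    """Return the sorted (METHOD, path) pairs a scanner will derive from 'paths'.
    Review this list: every entry is an endpoint the scan will send requests to."""
    surface = []
    for path, item in doc.get("paths", {}).items():
        for method in item:
            if method.lower() in HTTP_METHODS:
                surface.append((method.upper(), path))
    return sorted(surface)


def check_target(doc, target_url):
    """Return the OAS 'servers' URLs whose scheme/host differ from target_url.
    A mismatch usually means the scan would hit a host other than the one intended."""
    target = urlparse(target_url)
    mismatches = []
    for server in doc.get("servers", []):
        s = urlparse(server.get("url", ""))
        if (s.scheme, s.netloc) != (target.scheme, target.netloc):
            mismatches.append(server["url"])
    return mismatches
```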
Example
$