将 OWASP ZAP 与 Shibboleth 一起使用?
[英]Using OWASP ZAP with Shibboleth?
问题描述
I have scanned the OWASP documentation and the login methods that are details in said documentation don't appear to be related to applications that are using Shibboleth.
我已经扫描了 OWASP 文档,并且所述文档中详细说明的登录方法似乎与使用 Shibboleth 的应用程序无关。
For those that have worked with Shibboleth, you'll know that it works with various redirects so the usually OWASP login method using form id's etc doesn't work.对于那些使用过 Shibboleth 的人,您会知道它适用于各种重定向,因此通常使用表单 ID 等的 OWASP 登录方法不起作用。
I/We are attempting to add this OWASP reporting in a pipeline, but not being able to scan beyond the login path presents obvious issues.我/我们正在尝试在管道中添加此 OWASP 报告,但无法扫描登录路径之外的内容会带来明显的问题。
I was wondering if anyone had any experience surrounding OWASP and Shibboleth and could lend a hand?我想知道是否有人对 OWASP 和 Shibboleth 有任何经验并且可以提供帮助?
Much appreciated in advance!非常感谢提前!
1 个解决方案
解决方案1
0 2021-10-04 15:13:43
ZAP should be able to cope with any authentication method (assuming you have access to all the data needed). ZAP 应该能够应对任何身份验证方法(假设您可以访问所有需要的数据)。 In this case you'll probably need to use scripts.在这种情况下,您可能需要使用脚本。
Do you understand how the Shibboleth authentication and session handlings works?您了解 Shibboleth 身份验证和 session 处理的工作原理吗? If so I can hopefully talk you through what you'll need to do in ZAP.如果是这样,我希望能告诉您在 ZAP 中需要做什么。 That would be easier on the ZAP User Group but we can carry on here as long as you dont mind my replies taking longer;)这对ZAP 用户组来说会更容易,但只要您不介意我的回复花费更长的时间,我们就可以继续进行;)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.