Automating OWASP ZAP with PHP
Question
I'm working at a company using PHP in the backend. Is it possible to automate a ZAP automated scan for a webpage with PHP?
I have a context for a website with several users and I would like to scan it ie once a week and return a report. Is this doable with PHP? I would need the automated scan (including the traditional spider, AJAX spider, and the active scan) to run and log in. It should run that for every user once because they have different roles and can therefore access different parts on the page.
I'm new to this field and received this task and don't really know how to approach it. I haven't found anything online so far and would be grateful for your help:)
1 answers
solution1
0 ACCPTED 2021-01-08 09:17:37
Yes, ZAP doesnt care what technology your web app uses. If it has an HTTP(S) interface then ZAP can test it. If you use github then have a look at the ZAP github actions:https://github.com/marketplace?type=actions&query=owasp+zap otherwise have a look at the ZAP packaged scans which use docker: https://www.zaproxy.org/docs/docker/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.