
Using OWASP ZAP with Shibboleth?

I have scanned the OWASP documentation and the login methods that are detailed in said documentation don't appear to be related to applications that are using Shibboleth.

For those that have worked with Shibboleth, you'll know that it works with various redirects, so the usual OWASP login method using form IDs etc. doesn't work.

I/We are attempting to add this OWASP reporting in a pipeline, but not being able to scan beyond the login path presents obvious issues.

I was wondering if anyone had any experience surrounding OWASP and Shibboleth and could lend a hand?

Much appreciated in advance!

ZAP should be able to cope with any authentication method (assuming you have access to all the data needed). In this case you'll probably need to use scripts.

Do you understand how the Shibboleth authentication and session handling works? If so I can hopefully talk you through what you'll need to do in ZAP. That would be easier on the ZAP User Group but we can carry on here as long as you don't mind my replies taking longer ;)
