Reputation: 556
I am passing the 90019 scanner, for SOAP injection, into a ZAP script, but it is not running it, while it does run other rules, such as OS Command Injection and SSI Server Side. I am running ZAP from a docker container, and I noticed while watching the output that these other rules correspond to a particular ZAP plugin. So I am guessing I am missing a SOAP plugin in my environment, and my question is: how can I install a plugin in Docker that corresponds to scanner 90019, to make sure that the script that runs the ZAP scan checks for this rule? Many thanks. If there's something else that I am missing or more info is needed, please let me know.
Upvotes: 0
Views: 544
Reputation: 6196
The SOAP Scanner is included in this add-on: https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsSoapSoap This is included in the weekly docker image but not in the stable one.
You can install it when you start ZAP in the docker container by adding the parameters:
-addoninstall soap
You can also install add-ons using the ZAP API, but that's only worth doing if you are already using the API.
Upvotes: 2