BenDavid

Reputation: 133

ZAP weak password and SSL policies

I have searched through the ZAP documentation and ZAP Coverage of OWASP Top 10 and have not determined how to automatically check weak password policy and SSL/TLS testing with ZAP.

Is there a plugin in the ZAP Marketplace? Is there an approach using ZAP that could be scripted?

I am using an August 2018 weekly release of ZAP.

Upvotes: 0

Views: 130

Answers (1)

kingthorin

Reputation: 1528

To "test" the password policy, simply use the app and its account creation/password change functionality (as outlined in the link you provided). You can do this by creating appropriate Selenium test cases. (It isn't something that ZAP can do automatically.)

For TLS testing you can check out the HTTPS Info add-on.

Upvotes: 0
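The account-creation check described in the answer above, sketched as a table-driven probe. This is an added example, not part of the original post or of ZAP. The `submit` callable is an assumption: in a real suite it would be a Selenium function that fills in your own application's registration or password-change form, and here two constructed stand-in policies take its place so the logic runs offline.

```python
from typing import Callable, Dict, List

# Constructed candidates, one per policy rule being probed.
WEAK_CANDIDATES: Dict[str, str] = {
    "too_short": "Ab1!",
    "common_password": "Password1",
    "digits_only": "1234567890123",
    "lowercase_only": "qwertyuiopasdf",
    "same_as_username": "policy-probe-user",
}
# A password any sane policy should accept. If this is rejected, the form
# (or the test wiring) is failing and "rejected" results mean nothing.
CONTROL = "T7#vQe-Lm2@xR9wz"


def probe_policy(submit: Callable[[str, str], bool], username: str) -> List[str]:
    """Return the weak-password classes that the application accepted.

    submit(username, password) must return True when account creation or
    password change succeeded (hypothetical hook, e.g. a Selenium helper).
    """
    if not submit(username, CONTROL):
        raise RuntimeError("control password rejected; results would be meaningless")
    return [name for name, pw in WEAK_CANDIDATES.items() if submit(username, pw)]


# --- Constructed stand-ins for the application under test -----------------
def length_only_policy(username: str, password: str) -> bool:
    """Weak policy: only enforces a minimum length of 8."""
    return len(password) >= 8


def strict_policy(username: str, password: str) -> bool:
    """Stricter policy: length, character classes, deny-list, not the username."""
    return (
        len(password) >= 12
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and password.lower() not in {"password1", "qwertyuiopasdf"}
        and password.lower() != username.lower()
    )


if __name__ == "__main__":
    for policy in (length_only_policy, strict_policy):
        print(policy.__name__, "accepted:", probe_policy(policy, "policy-probe-user"))
```

Each name returned is a policy gap to report; an empty list means every weak candidate was refused while the control password was still accepted.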
