Vineel Pellella

Reputation: 422

Can we use an existing OWASP ZAP Session to test a new release?

Currently, we have monthly releases. This month I have manually explored the application using OWASP ZAP and saved the session. In the next release, i.e., next month, can I use the same session to test the new release?

Upvotes: 1

Views: 357

Answers (2)

undetected Selenium

Reputation: 193298

Keeping it short and simple, from a functional perspective there is no harm in using the previously saved session for the new release.


Why shouldn't you use the previously saved ZAP session

A new software release will essentially contain either/all of the following:

  • New Features
  • Feature Enhancements
  • Bug Fixes

In the due course of the above-mentioned aspects, the functional and non-functional requirements of the product might have changed as well in terms of:

  • Technical Details
  • Data Manipulation
  • Processing

These changes may address the previously discovered security risks and vulnerabilities of the system and its data as well as add new security risks and vulnerabilities too.


Conclusion

So, for the above-mentioned reasons, it is always advisable to initiate the Software activity from a clean test environment, i.e. using a new session.

Upvotes: 0

Simon Bennetts

Reputation: 6226

In theory yes, but why do you want to do that?

If it's so that you don't need to explore the app again, then be aware that if you don't do that then you will probably miss new or changed content and therefore potentially new vulnerabilities. To see all of the app you should really explore it from scratch every time.

Upvotes: 0
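The "new or changed content" point from the answers above can be made measurable. The following is an added example, not code from either answerer or from the ZAP project: it compares the requests recorded in last month's saved session with those seen when exploring the new release and lists the endpoints and parameters the old session never covered. The host name, the request lists and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def surface(requests):
    """Map (METHOD, path) -> set of query parameter names seen for it."""
    out = {}
    for method, url in requests:
        parts = urlsplit(url)
        key = (method.upper(), parts.path or "/")
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        out.setdefault(key, set()).update(names)
    return out

def coverage_gap(old_requests, new_requests):
    """Return what the old session does not cover in the new release."""
    old, new = surface(old_requests), surface(new_requests)
    return {
        # Endpoints that exist only in the new release: never scanned.
        "added": sorted(k for k in new if k not in old),
        # Endpoints the old session would still replay but that are gone.
        "removed": sorted(k for k in old if k not in new),
        # Same endpoint, different parameter set: old requests are stale.
        "changed": {k: sorted(new[k] ^ old[k])
                    for k in new if k in old and new[k] != old[k]},
    }

# Constructed sample: requests in the saved session (previous release).
OLD_SESSION = [
    ("GET", "https://app.example.test/login"),
    ("POST", "https://app.example.test/login"),
    ("GET", "https://app.example.test/orders?id=1"),
    ("GET", "https://app.example.test/export?format=csv"),
]
# Constructed sample: requests seen while exploring the new release.
NEW_RELEASE = [
    ("GET", "https://app.example.test/login"),
    ("POST", "https://app.example.test/login"),
    ("GET", "https://app.example.test/orders?id=7&sort=date"),
    ("GET", "https://app.example.test/api/v2/profile?user=42"),
]

if __name__ == "__main__":
    for kind, items in coverage_gap(OLD_SESSION, NEW_RELEASE).items():
        print(kind, items)
```

Anything reported under "added" or "changed" is attack surface that a scan driven only by the old session would not exercise.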
