Reputation: 3025
Using OWASP ZAP Proxy for existing suite of Selenium tests
We have a suite of automated regression tests driven using Selenium for an Angular app with a .NET Core WEB API backend.
The intention is to include some automated security testing as part of our overnight build/test run.
From reading so far it looks like running ZAP as an intercepting proxy between Selenium and our web application is the way to go (see 'Proxy Regression/Unit Tests' in https://www.zaproxy.org/docs/api/#exploring-the-app) but I'm struggling to find clear documentation/examples.
What is the simplest way to achieve this using OWASP ZAP, and are there any definitive articles/examples available?
Upvotes: 1
Views: 912
Answers (1)
Reputation: 6186
Start with the packaged full scan: https://www.zaproxy.org/docs/docker/full-scan/
Set the port and then proxy your selenium tests through ZAP. Use the -D parameter to pause ZAP until your tests have finished. For more ZAP automation options see https://www.zaproxy.org/docs/automate/
Upvotes: 1
Related Questions
- Authentication using selenium python and Scanning through OWASP ZAP
- Local traffic not proxied via Java ZAP API by ChromeDriver
- How to start OWASP ZAP proxy with Chrome webdriver and java?
- Owasp Zap Testing rest api
- ZAP setup for selenium
- Set up drivers for owasp zap in selenium using java
- how to use ZAP JxBrowser in ZAP selenium?
- How to integrate selenium and ZAP
- Automated testing for OWASP A1-A10
- Using OWASP ZAP behind a corporate proxy