[security] ZAP - investigate REST API URL list definition

RESOLVED WONTFIX

Status

Cloud Services
QA: Test Automation
2 years ago

People

(Reporter: rpapa, Assigned: rpapa)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: Q1)

from :psiinon

We have an add-on which will import lists of plain URLs in text files - one per line.
This works well with web apps as we can then spider those URLs.
It won't work so well with APIs because we won't know what data to supply, and that's always the most useful stuff to attack ;)

If you do have some data then how about defining it in something like Swagger / OpenAPI or WADL?
OK, so we can't import those yet ... but we've got an open issue to do so and it will be a great incentive for me to fix that, even if it's a quick hack ;)
Assignee: sphilp → rpappalardo
Whiteboard: Q1
We're going to use http_proxy instead.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX