Closed Bug 1239763 Opened 8 years ago Closed 8 years ago

[security] ZAP - investigate REST API URL list definition

Categories

(Cloud Services :: QA: Test Automation, defect)

Product:
Cloud Services
Component:
QA: Test Automation
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: rpapa, Assigned: rpapa)

Details

(Whiteboard: Q1) 

from :psiinon

We have an add-on which will import lists of plain URLS in text files - one per line.
This works well with web apps as we can then spider those URLs.
It wont work so well with APIs because we wont know what data to supply, and thats always the most useful stuff to attack;)

If you do have some data then how about defining it in something like swagger / openapis or WADL?
OK, so we cant import those yet ... but we've got an open issue to do so and it will be a great incentive for me to fix that, even if its a quick hack ;)
Assignee: sphilp → rpappalardo
Whiteboard: Q1
we're going to use http_proxy instead
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.