Just got an Article Published in eForensics Magazine with a colleague of mine. The Hyperlink to it is listed below.
eForensics Magazine : Learn How to Keep Your Web Applications Secure, Dunne, R., Caldwell, A., (2013). Zed Attack Proxy (ZAP). eForensics Magazine, Vol. 2, No. 21, pp.80-89.
OWASP ZAP’s new feature ZEST allows the ability to create your own scripts.
- Helps create your own specific tests.
- Can be targeted or passive.
- Passive allows the test to be carried out while you are navigating through the Application.
- Targeted – ability to specify a particular page and/or parameter.
- keep track of all the issues found.
This example will demonstrate how to set up a Passive Zest test to search through the application source code for a specific Regex.
Simply add new Condition.
Can specify a search in the Header or the Body.
Source is in the Body and the Regex for this demo is x1.
Creates an IF ELSE statement.
Action is added here to alert when an X1 is found.
Statement; IF REGEX = X1 Alert the user Comment Found and Rate the issue.
Rated High for this.
Action is now in place.
Continue working through the App and this new Zest Script will pick up every X1 occurrence as you go along.