'OWASP Zed Attack Proxy Scan in DevOps pipeline
My requirement is do the "Authenticated Scan" by using the TFS DevOps pipeline, for this I added the "OWASP Zed Attack Proxy Scan" extension under TFS and added the tasks in pipeline. also I installed the OWASP desktop app (2.11.1), pipeline working fine with 'Unauthenticated mode' on the website, but I need to do the 'authenticated scan so that tool can identity the bugs/vulnerabilities after the login pages as well, how this can be done?
Solution 1:[1]
First of all, you dont need to use the ZAP desktop app - ZAP can be run in a variety of ways that are more suited to automation - see https://www.zaproxy.org/docs/automate/
Secondly, authentication can be a real pain - there are so many ways that applications handle it :( Have a look at the official ZAP videos on https://www.zaproxy.org/videos-list/ - you can search for "Auth" in the tags to narrow those down to the most relevant ones.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Simon Bennetts |