
Cyware Orchestrate

Zed Attack Proxy 1.0.0

App Vendor: OWASP ZAP

App Category: Vulnerability Management

Connector version: V1.0.0

API Version: 2.10.0

About App

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.

The ZAP app is configured with the Orchestrate application to perform the following actions:

| Action Name | Description |
| --- | --- |
| Start spider | This action starts the ZAP spider on the initialized target. This action must be performed before active scanning. |
| Start ajax spider | This action starts the ajax spider on the initialized URL. |
| Passive scan | This action automatically performs a passive scan on targets while spidering. This action checks whether a time-consuming passive scan process has completed. |
| Active scan | This action starts an active scan on the target URL. This should only be done after a spidering process. |
| Get alerts | This action retrieves all alerts from ZAP. |

Configuration Parameters

The following configuration parameters are required for the ZAP app to communicate with the ZAP enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| API key | Enter the ZAP API key. Example: "xaCGLgL.0inklc7mVLWwsAawjYr5Rx" | Text | Required | |
| Target URL | Enter the URL to be scanned by ZAP. | Text | Required | |
| IP address | Enter the IP address that ZAP is running on. | Text | Required | |
| Port | Enter the port that ZAP is running on. | Text | Optional | Default value: 8080 |

Action: Start spider

This action starts the ZAP spider on the initialized target. This action must be performed before active scanning.

Action Input Parameters

This action does not require any input parameter.

Action: Start ajax spider

This action starts the ajax spider on the initialized URL.

Action Input Parameters

This action does not require any input parameter.

Action: Passive scan

This action automatically performs a passive scan on targets while spidering. This action checks whether a time-consuming passive scan process has completed.

Action Input Parameters

This action does not require any input parameter.

Action: Active scan

This action starts an active scan on the target URL. This should only be done after a spidering process.

Action Input Parameters

This action does not require any input parameter.

Action: Get alerts

This action retrieves all alerts from ZAP.

Action Input Parameters

This action does not require any input parameter.
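
The ordering the actions above require (spider first, passive scan queue drained, then active scan, then alerts), as an added example written against ZAP's own JSON API rather than taken from the connector or this page. The local ZAP address, the `ZAP_API_KEY` environment variable, the sample target and the helper names are assumptions; the ajax spider step is left out.

```python
import json
import time
import urllib.parse
import urllib.request

def zap_get(base, api_key, path, **params):
    """GET a ZAP JSON API endpoint; the key travels in a header, not the URL."""
    url = f"{base}/JSON/{path}/?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def wait_until(call, path, key, done, poll=2.0, timeout=3600, **params):
    """Poll a ZAP view until done(value) is true; raise instead of moving on."""
    deadline = time.monotonic() + timeout
    while True:
        value = call(path, **params)[key]
        if done(value):
            return value
        if time.monotonic() > deadline:
            raise TimeoutError(f"{path} still at {value!r}")
        time.sleep(poll)

def _finished(percent):
    """Spider and active-scan status views report progress as 0-100."""
    return int(percent) >= 100

def run_scan(call, target, poll=2.0):
    """Spider -> drain passive-scan queue -> active scan -> return alerts."""
    sid = call("spider/action/scan", url=target)["scan"]
    wait_until(call, "spider/view/status", "status", _finished, poll, scanId=sid)
    # Passive scanning runs while spidering; wait for its queue to empty
    # so the alert list is complete before the active scan starts.
    wait_until(call, "pscan/view/recordsToScan", "recordsToScan",
               lambda n: int(n) == 0, poll)
    aid = call("ascan/action/scan", url=target)["scan"]
    wait_until(call, "ascan/view/status", "status", _finished, poll, scanId=aid)
    return call("core/view/alerts", baseurl=target)["alerts"]

if __name__ == "__main__":
    import functools
    import os
    # Assumed setup: ZAP on 127.0.0.1:8080 (the default port above),
    # API key in ZAP_API_KEY, and a placeholder target you own.
    call = functools.partial(zap_get, "http://127.0.0.1:8080",
                             os.environ["ZAP_API_KEY"])
    for alert in run_scan(call, "http://localhost:3000"):
        print(alert["risk"], alert["alert"], alert["url"])
```

Passing `call` in as a parameter lets the same sequencing be exercised against a stub before it is pointed at a live ZAP instance.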