OWASP ZAP Integration

Setup

To set up the OWASP ZAP integration, ZAP must be running on the same host as Sn1per, with its HTTP/HTTPS proxy listening on port 8081/tcp.

In addition, you will need to enable the ZAP API service and disable the API key. With the key disabled, anything that can reach the listener can drive ZAP through the API, so keep the listener bound to the local host rather than to all interfaces.

Next, set the following value in your Sn1per configuration template under /usr/share/sniper/conf/:

ZAP_SCAN="1"
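
The setup steps above can be verified before the first scan. The script below is an added example, not part of Sn1per or ZAP: it checks that the template sets ZAP_SCAN="1", that port 8081 is bound to loopback only, and that the ZAP API answers. The function names, the --live switch and the loopback-only requirement are assumptions of this example; the template path is passed as an argument because the page does not name the file.

```shell
#!/bin/sh
# Added example: pre-flight checks for the ZAP setup above (not Sn1per's own code).
ZAP_PORT=8081   # proxy/API port given on the page

# check_conf FILE: succeed only if an uncommented line sets ZAP_SCAN="1".
check_conf() {
    grep -Eq '^[[:space:]]*ZAP_SCAN="?1"?[[:space:]]*(#.*)?$' "$1"
}

# listener_scope: read `ss -ltn` lines on stdin and classify how ZAP_PORT is
# bound. Prints loopback, exposed (any non-loopback address) or none.
listener_scope() {
    awk -v port="$ZAP_PORT" '
        {
            n = split($4, parts, ":")            # $4 is Local Address:Port
            if (n < 2 || parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) lo = 1; else ex = 1
        }
        END { if (ex) print "exposed"; else if (lo) print "loopback"; else print "none" }'
}

# preflight FILE: run all checks against the live host.
preflight() {
    check_conf "$1" || { echo "ZAP_SCAN is not \"1\" in $1"; return 1; }
    scope=$(ss -ltn | listener_scope)
    [ "$scope" = "loopback" ] || { echo "port $ZAP_PORT listener: $scope"; return 1; }
    # A reply here shows the API service is enabled and reachable.
    curl -fsS "http://127.0.0.1:$ZAP_PORT/JSON/core/view/version/" >/dev/null ||
        { echo "ZAP API did not answer on 127.0.0.1:$ZAP_PORT"; return 1; }
    echo "ZAP integration prerequisites look correct"
}

# Usage: sh zap_preflight.sh --live <path to your edited template>
if [ "${1:-}" = "--live" ]; then preflight "$2"; fi
```

An "exposed" result means the keyless API is reachable from other hosts and the ZAP listen address should be changed before scanning.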

Scanning

To initiate an automated OWASP ZAP scan against a defined target, select the configuration file edited above from the Sn1per Professional or Enterprise UI. After the scan completes, all findings are imported automatically into the Sn1per Professional or Enterprise UI.

 
