Out-of-band Application Security Testing Support

The OAST Support add-on allows you to detect and exploit out-of-band vulnerabilities in web applications.


For a list of the supported services, see the OAST Services page.


If the Script Console and the GraalVM JavaScript add-ons are installed, a new Extender script template called “OAST Request Handler.js” is added to ZAP. Using this template, you can create a script that performs an action whenever an out-of-band request is discovered. This action could be anything like sending yourself an email or executing another script in ZAP.

See also