Success Story: we45 and AppSecEngineer

Posted 209 Words

We at we45 and our training venture, AppSecEngineer use and train on ZAP extensively. We strongly believe OWASP ZAP to be the most programmable DAST tool in its class, regardless of commercial or OSS alternatives.

One of the things we do with our clients is to implement continuous DAST scanning as part of their DevSecOps initiatives. Many of our clients run a bevy of automated scans on a periodic basis, triggered through CI tooling with ZAP as the tool. For some of those that have End-to-End Test Automation Scripts with Selenium, Cypress, etc, we set up ZAP to be able to run authenticated, completely automated scanning, which is something we find unique in the DAST space

In fact, one of the biggest success stories is one of our clients in the Corporate Travel space. They wanted to integrate SAST, SCA and DAST as part of their CI process. Their QA teams generated End-to-End test automation scripts in Selenium. Within 2 hours, we were able to not only integrate ZAP into their pipeline but also set it up to work in an authenticated, authorized mode with the Selenium test as input. That speaks volumes of the simplicity of ZAP, its power and its ever-expanding ecosystem of useful add-ons and contributions