Posted Monday June 19, 2017
The previous ZAP blog post explained how you could Explore APIs with ZAP.
This blog post goes one step further, and explains how you can both explore and perform security scanning of APIs using ZAP from the command line.
This allows you to easily automate the scanning of your APIs.
Posted Monday April 3, 2017
APIs can be challenging for security testing for a variety of reasons.
The first problem you will encounter is how to effectively explore an API - most APIs cannot be explored using browsing or standard spidering techniques.
However many APIs are described using technologies such as:
SOAP OpenAPI / Swagger These standards define the API endpoints and can be imported into ZAP using 2 optional add-ons.