68 questions
0 votes, 0 answers, 30 views
How to intercept apps with short timeouts
I'm using Burp Suite Community Edition. I am intercepting the response, but the timeout value of the target app is short, so it times out while I am tampering with it. What should I do?
0 votes, 1 answer, 180 views
How to check for XXE (XML External Entities) vulnerability using OWASP
I'm new to security testing. Could you please help me with how to find XML external entity vulnerabilities using OWASP ZAP?
What steps should I take? I've reviewed the tutorials, but they haven't been helpful for ...
1 vote, 1 answer, 299 views
Trying to use mockMvc.perform(....content(someJson) to test my web application
When using mockMvc.perform to test my web application, I'm trying to use .content(someJson) to meet the requirements for the body. Unfortunately, when using .content it appears red with the error:
...
0 votes, 0 answers, 171 views
Is the full XML schema of the context file documented somewhere?
When generating a context file using OWASP ZAP's desktop UI (for Windows), I noticed a parameter from the UI missing in the exported context file. Is the full XML schema of the context file documented ...
-1 votes, 1 answer, 272 views
How to automate Burp Suite with C#?
I have been trying to automate Burp Suite using Selenium with C#, but I couldn't find any elements in Burp Suite.
I couldn't find the elements of the "Next" button in the Burp Suite Community ...
1 vote, 0 answers, 662 views
How to bind DVWA to a real available IP in my network?
I started messing with Docker and DVWA, and I've noticed that the Docker DVWA environment is bound to localhost (127.0.0.1). I wanted to bind it to a real address in order to mess with it from ...
-1 votes, 2 answers, 104 views
Is there a way to check how scan and fuzz commands work at the backend in ZAP?
We have a requirement to know how commands work at the backend when triggered via the OWASP ZAP tool.
This will help with data visualization and interaction with ZAP and the UI.
For example:
Commands like '...
0 votes, 1 answer, 572 views
How to automate fuzzing in ZAP?
We have a requirement as below to automate in ZAP:
Go through a POST request in the ZAP tool
Identify values which got posted in the Request tab
Highlight the value passed (for example: to a textarea field) and ...
1 vote, 1 answer, 357 views
How to disable the HTTP protocol for the OPTIONS verb?
In our application (deployed in IIS), we have enabled only HTTPS (disabled HTTP access).
While accessing the API endpoint using the HTTP protocol with the OPTIONS verb, it's returning a 200 OK response.
How to fix?
0 votes, 0 answers, 159 views
Is it possible to link OWASP ZAP and BrowserStack, CrossBrowserTesting.com or Selenium Grid?
Details:
Currently I use OWASP ZAP with a connection to Postman, and via the API in the local area. But we also want to connect to BrowserStack or CrossBrowserTesting.com to test our mobile pages for ...
1 vote, 1 answer, 848 views
ZAP security testing on mobile - unable to launch app or browser via connected Wi-Fi after changing the proxy to manual on mobile (both Android and iOS)
First I did the steps mentioned below:
"
First you need to install the certificate in your mobile device for ZAP to record it. You can do that by following steps:
Open ZAP
Go to Tools
Click in ...
0 votes, 1 answer, 98 views
API automation, load testing and security testing in one project
I want to do API automation and load testing and security testing at the same time using one project. What kind of tool or technology can I use to implement that project?
0 votes, 1 answer, 4k views
Information in the .well-known/openid-configuration page is exposed to the internet, a security concern?
I am doing a security scan of a client and observed they have implemented OpenID. While reading up I came to know about this URL, .well-known/openid-configuration, which has a good amount of information (...
0 votes, 1 answer, 161 views
DAST security scanning of an IoT NodeMCU ESP8266 Lua script www HTML server connected to a camera and A/C relay
I have not yet, but shall, DAST* security test, out of curiosity, an IoT device: a NodeMCU ESP8266 www server I built. It's showing an HTML page (on a mobile phone, for example) that allows one to control and ...
1 vote, 1 answer, 2k views
Does SonarQube Community Edition provide any sort of static application security testing?
We use SonarQube Community Edition and though it works great for static code analysis, I don't see anything very significant when it comes to security analysis. It does flag security vulnerabilities ...