
The requirement is to perform an OWASP ZAP scan for a website that requires authentication in an Azure DevOps release pipeline. I am unable to find a way to perform this for an authenticated webpage. Please guide me on this. I could find ways of using the OWASP ZAP Scanner extension from the Azure DevOps marketplace, but I am unable to find proper instructions on how to configure it with authentication in the pipeline.

Thanks in advance.

Sneha Dominic
  • I am also following how to perform authenticated-mode testing using OWASP ZAP with an Azure DevOps pipeline. A simple task added in the pipeline shows a result, but it performs 'unauthenticated testing'. – Saad Awan May 17 '22 at 04:48
  • Sneha Dominic, if you find a solution, please share it as well. – Saad Awan May 17 '22 at 04:51
  • From what I managed to find on the web, it is required to use script-based authentication to log in using SSO with AAD. Actually, that seems to be the easiest part: a standalone JS script was created and, using Selenium, I was actually able to log in. But then comes the trickiest part: how to retrieve the token (cookies) and then pass them correctly to each request. – Volodymyr Molodets Jan 30 '23 at 16:02
  • I tried experimenting with the approach suggested here https://www.devonblog.com/continuous-delivery/owasp-zap-for-apis-using-custom-script-based-authentication/ but still no luck. – Volodymyr Molodets Jan 30 '23 at 16:05

0 Answers