Automating Security Testing of web applications using OWASP Zed Attack Proxy in Jenkins
Automating security testing of web applications is not an easy task. Recently, I tried out OWASP Zed Attack Proxy (ZAP) with Jenkins to automate the security testing of an application I had developed. After trying everything with the help of various sources, I was able to completely automate the testing process.
This post summarizes the steps I followed to automate the testing.
Jenkins is an extensible automation server. Its WAR file can be deployed in any servlet container, and through its plugin architecture it can be used for many purposes, including running security scans as part of a build.
ZAP is one of the world's most popular free security tools. It can help you automatically find security vulnerabilities in your web applications, and it can be driven without a GUI, which is what makes it usable from a build job.
I deployed Jenkins 1.651.2.war inside my Tomcat server to do this testing.
Manage Jenkins → Manage Plugins → Available
2. Configuring ZAP
This can be done in two ways. If you are using ZAP for the first time, it is recommended to do the configuration from the source code of ZAP, which is available…
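The steps above end at the point where Jenkins is told where ZAP lives. What the job then has to do is start ZAP headless, spider and scan the application, and turn the alerts into a build result. The script below is an added example of that last part, not the post's own configuration: it drives the ZAP daemon through its REST API from a Jenkins "Execute shell" build step instead of a plugin, so it works with any Jenkins version. It assumes ZAP is installed at $ZAP_HOME (default /opt/zaproxy), listens on 127.0.0.1:8090, is protected by $ZAP_API_KEY, and that the target URL is passed as the script's first argument; the pass/fail policy (any High alert fails the build) and the sample alert JSON are constructed for the example.

```shell
#!/bin/sh
# Added example: run a ZAP scan from a Jenkins "Execute shell" step and fail
# the build on High-risk alerts. Assumed (not from the original post):
# ZAP install path, host/port, API key, and the target URL as argument 1.
set -eu

ZAP_HOME="${ZAP_HOME:-/opt/zaproxy}"      # assumed install path
ZAP_HOST="${ZAP_HOST:-127.0.0.1}"
ZAP_PORT="${ZAP_PORT:-8090}"
ZAP_API_KEY="${ZAP_API_KEY:-change-me}"   # inject from Jenkins credentials, not the job config
WORKSPACE="${WORKSPACE:-.}"               # Jenkins sets WORKSPACE for every build

# Build a ZAP REST URL: zap_url <JSON|OTHER> <component> <action|view|other> <name> [query]
# e.g. zap_url JSON spider action scan 'url=http://app'
#   -> http://127.0.0.1:8090/JSON/spider/action/scan/?apikey=...&url=http://app
zap_url() {
    fmt=$1; comp=$2; kind=$3; name=$4; query=${5:-}
    printf 'http://%s:%s/%s/%s/%s/%s/?apikey=%s%s' \
        "$ZAP_HOST" "$ZAP_PORT" "$fmt" "$comp" "$kind" "$name" "$ZAP_API_KEY" \
        "${query:+&$query}"
}

# Pull one string field out of ZAP's flat JSON replies without needing jq,
# e.g. json_field status '{"status":"100"}' prints 100.
json_field() {
    printf '%s' "$2" | sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"
}

# Count alerts of a given risk level ("High", "Medium", "Low", "Informational")
# in a core/view/alerts reply. Prints 0 when there are none.
count_risk() {
    risk=$1; alerts_json=$2
    printf '%s' "$alerts_json" | grep -o "\"risk\":\"$risk\"" | wc -l | tr -d ' '
}

# Build verdict: return 0 (pass) or 1 (fail). Policy assumed for the example:
# any High alert fails the build; Medium and below are only reported.
scan_verdict() {
    high=$(count_risk High "$1"); medium=$(count_risk Medium "$1")
    echo "ZAP alerts: high=$high medium=$medium"
    [ "$high" -eq 0 ]
}

# Poll <component>/view/status until the scan reports 100 percent.
wait_for() {
    comp=$1; scan_id=$2
    while :; do
        status=$(json_field status "$(curl -s "$(zap_url JSON "$comp" view status "scanId=$scan_id")")")
        [ "$status" = "100" ] && break
        sleep 5
    done
}

# Constructed sample of a core/view/alerts reply (two High, one Medium, one Low),
# used to exercise count_risk/scan_verdict without a running ZAP.
SAMPLE_ALERTS='{"alerts":[{"alert":"SQL Injection","risk":"High","url":"http://app/login"},{"alert":"Cross Site Scripting (Reflected)","risk":"High","url":"http://app/search"},{"alert":"X-Frame-Options Header Not Set","risk":"Medium","url":"http://app/"},{"alert":"Cookie No HttpOnly Flag","risk":"Low","url":"http://app/"}]}'

main() {
    target=$1   # percent-encode it first if it contains '&' or spaces
    # 1. Start ZAP headless; the API key keeps other local processes from driving the proxy.
    "$ZAP_HOME/zap.sh" -daemon -host "$ZAP_HOST" -port "$ZAP_PORT" \
        -config api.key="$ZAP_API_KEY" >"$WORKSPACE/zap-daemon.log" 2>&1 &
    until curl -sf "$(zap_url JSON core view version)" >/dev/null; do sleep 2; done

    # 2. Spider first so the active scan has URLs to attack, then scan recursively.
    spider_id=$(json_field scan "$(curl -s "$(zap_url JSON spider action scan "url=$target")")")
    wait_for spider "$spider_id"
    ascan_id=$(json_field scan "$(curl -s "$(zap_url JSON ascan action scan "url=$target&recurse=true")")")
    wait_for ascan "$ascan_id"

    # 3. Keep the HTML report as a build artifact, decide the result, shut ZAP down.
    curl -s "$(zap_url OTHER core other htmlreport)" >"$WORKSPACE/zap-report.html"
    alerts=$(curl -s "$(zap_url JSON core view alerts "baseurl=$target&start=0&count=9999")")
    verdict=0
    scan_verdict "$alerts" || verdict=$?
    curl -s "$(zap_url JSON core action shutdown)" >/dev/null
    return "$verdict"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

In the job, invoke it as `sh zap-scan.sh http://app-under-test:8080/` and archive `zap-report.html` so the findings are kept with the build; a non-zero exit marks the build failed, which is what makes the scan a gate rather than a report. Treat the active scan like any other attack traffic: point it only at a test instance you own, since it will submit payloads to every form it finds.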