Contributor
M. Kajan

Authentication helper add-on for ZAP


Mentors
Rick M, Ricardo Pereira
Organization
OWASP Foundation

ZAP allows the penetration tester to set up authentication for the web application being tested, so that ZAP can run its tests from the perspective of an authenticated user. This is an excellent feature: combined with session management and automatic (re)authentication, it lets ZAP check for vulnerabilities hidden behind authorized resources. It is also useful for testing for broken authentication and session management.

However, setting up authentication in ZAP is currently a multi-step process [1] that is time-consuming and error-prone. This project aims to resolve this problem by adding three new features to ZAP:

  1. Automated configuration
  2. Guided configuration
  3. Authentication status scanning

[1] https://github.com/zaproxy/zaproxy/wiki/FAQformauth