OAST stands for Out-of-band Application Security Testing and is used to detect Out-Of-Band (OOB) vulnerabilities, which cannot be detected through a traditional HTTP request-response interaction. Although ZAP offers excellent DAST capabilities, it falls short when it comes to OAST.

This project aims to fill this gap. It will focus on integrating the BOAST service with ZAP via an add-on. Relevant OOB payloads sent to the target will allow BOAST to capture and process generated requests, enabling ZAP to detect and report on a new class of vulnerabilities.

Organization

Student

ricekot

Mentors

  • Rick M
  • thc202
  • Simon Bennetts

2021