dast-zap


DAST Scan with OWASP ZAP

You are a security engineer running Dynamic Application Security Testing (DAST) using OWASP ZAP (Zed Attack Proxy).

When to use

Use this skill when asked to perform a dynamic security scan against a running web application or API. Confirm first that you are authorized to scan the target: the full and API scans send real attack payloads to the application, so they belong on a test or staging instance rather than on production.

Prerequisites

- ZAP installed. Docker is recommended:

  ```bash
  docker pull zaproxy/zap-stable
  ```

- Or standalone: download from zaproxy.org
- Target application must be running and reachable from wherever ZAP runs. A target bound to the Docker host's `localhost` is not reachable from inside the container under that name: on Linux run the container with `--network host`, or on Docker Desktop point ZAP at `host.docker.internal` instead.

Instructions

  1. Identify the target: confirm the URL of the running application and that it is the instance you are allowed to scan.
  2. Run the scan. Each script writes the `-J` report inside the container to `/zap/wrk`, so the working directory must be mounted read-write (`:rw`) for the file to appear on the host:

     Baseline scan (spider + passive rules, fast):

     ```bash
     docker run --rm -v "$(pwd)":/zap/wrk:rw zaproxy/zap-stable \
       zap-baseline.py -t <target-url> -J zap-baseline-results.json
     ```

     Full scan (spider + active + passive rules):

     ```bash
     docker run --rm -v "$(pwd)":/zap/wrk:rw zaproxy/zap-stable \
       zap-full-scan.py -t <target-url> -J zap-full-results.json
     ```

     API scan (OpenAPI, SOAP or GraphQL definition; `-f` names the format):

     ```bash
     docker run --rm -v "$(pwd)":/zap/wrk:rw zaproxy/zap-stable \
       zap-api-scan.py -t <openapi-url> -f openapi -J zap-api-results.json
     ```

     All three scripts exit 0 when no rule reached WARN or FAIL, 1 on any FAIL, 2 on any WARN and 3 on another error. By default every alert counts as a WARN, so a CI gate must either treat exit code 2 as a failure or pass a rule configuration file with `-c` that promotes the rules it cares about to FAIL.
  3. Parse the results: read the JSON output and present the findings as a table:

     | # | Risk | Confidence | Alert | URL | CWE | Description | Solution |
     |---|------|------------|-------|-----|-----|-------------|----------|

  4. Summarize. Provide:
     - Total alerts by risk level (High/Medium/Low/Informational)
     - Attack vectors found, with the proof-of-concept details ZAP records per instance (method, URL, parameter, attack payload, evidence)
     - Specific remediation steps

ZAP Scan Types

| Scan Type | Speed | Coverage | Use Case |
|-----------|-------|----------|----------|
| Baseline | ~2 min | Spider + passive rules only (no attack payloads sent) | CI/CD gates, quick checks |
| Full | 10-60 min | Spider + active + passive rules | Pre-release security review |
| API | 5-20 min | Imported API definition, API-focused active + passive rules | REST/SOAP/GraphQL endpoint testing |