What is OWASP ZAP?
OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.
Where to Download OWASP ZAP?
Download the Cross-Platform package from the link below:
https://github.com/zaproxy/zaproxy/wiki/Downloads
How to Integrate it With Selenium?
POM.XML
<dependencies>
    <!-- https://mvnrepository.com/artifact/org.zaproxy/zap -->
    <!-- org.zaproxy:zap is the ZAP application itself; only zap-clientapi is needed to call the REST API -->
    <dependency>
        <groupId>org.zaproxy</groupId>
        <artifactId>zap</artifactId>
        <version>2.7.0</version>
    </dependency>
    <dependency>
        <groupId>org.zaproxy</groupId>
        <artifactId>zap-clientapi</artifactId>
        <version>1.6.0</version>
    </dependency>
</dependencies>
Security.java
// This class launches ZAP from the project's Config directory. The constructor blocks for a
// fixed 30 seconds so that ZAP has time to open its proxy/API port before the browser starts.
// (zap.sh/zap.bat also accept -daemon to run without the GUI, which is what you want on a CI box.)
import java.io.IOException;

public class Security {
    private Runtime r;
    private Process p;

    public Security() {
        String os = System.getProperty("os.name").toLowerCase();
        try {
            if (os.contains("mac") || os.contains("linux")) {
                r = Runtime.getRuntime();
                p = r.exec(System.getProperty("user.dir") + "/Config/ZAP_2.7.0/zap.sh");
                Thread.sleep(30000); // give ZAP time to start listening
            } else if (os.contains("win")) {
                r = Runtime.getRuntime();
                p = r.exec(System.getProperty("user.dir") + "/Config/ZAP_2.7.0/zap.bat");
                Thread.sleep(30000);
            }
        } catch (IOException | InterruptedException e) {
            System.out.println("Exception " + e);
        }
    }
}
Config.properties
# Security vulnerability scanning : OWASP ZAP
# ====================================
# Host and port must match ZAP's Local Proxy settings (ZAP listens on 8080 by default)
ZED_HOSTIP=localhost
ZED_HOSTPORT=8089
# API key as shown in ZAP under Tools > Options > API
ZED_APIKEY=Put your zap key
Test.java
import java.util.concurrent.TimeUnit;
import org.openqa.selenium.Proxy;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.remote.CapabilityType;
import org.openqa.selenium.remote.DesiredCapabilities;

// 'lib' is this framework's Config.properties reader (a java.util.Properties works the same way)
Proxy proxy = new Proxy();
String zapProxy = lib.getProperty("ZED_HOSTIP") + ":" + lib.getProperty("ZED_HOSTPORT");
proxy.setHttpProxy(zapProxy);
proxy.setFtpProxy(zapProxy);
proxy.setSslProxy(zapProxy);
// Selenium 3 style; on Selenium 4 use ChromeOptions.setProxy(proxy) instead
DesiredCapabilities capabilities = DesiredCapabilities.chrome();
capabilities.setCapability(CapabilityType.PROXY, proxy);
// HTTPS pages only load through ZAP if the browser trusts ZAP's root CA (or accepts insecure certs)
System.setProperty("webdriver.chrome.driver", System.getProperty("user.dir") + lib.getProperty("MAC_CHROME"));
WebDriver driver = new ChromeDriver(capabilities);
driver.manage().timeouts().implicitlyWait(60, TimeUnit.SECONDS);
driver.manage().window().maximize();
// Write your Selenium code here; every request the browser makes now passes through ZAP
driver.quit(); // quit() also shuts down the chromedriver process
// Once the Selenium code has run, pull the report from ZAP and save it as an HTML file. The method below does that.
// Adjust the directory path to your project; here a built-in class (DirectoryCreator) resolves it from the config.
// The return value is an HTML link for embedding in the test report; change the return type to suit your needs.
// 'lib', 'DirectoryCreator', 'returnTable' and 'securityReportFilePath' are this framework's own helpers, not part of ZAP.
public String returnSecurityHtmlReport() {
    try {
        ClientApi api = new ClientApi(lib.getProperty("ZED_HOSTIP"),
                Integer.parseInt(lib.getProperty("ZED_HOSTPORT")));
        // core.htmlreport returns the raw report bytes; decode them as UTF-8 explicitly
        String result = new String(api.core.htmlreport(lib.getProperty("ZED_APIKEY")), StandardCharsets.UTF_8);
        String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss").format(Calendar.getInstance().getTime());
        securityReportFilePath = DirectoryCreator.returnReportDirectoryPath() + "/SecurityTesting-" + timeStamp + ".html";
        File file = new File(securityReportFilePath);
        // FileOutputStream creates the file if it does not exist; try-with-resources closes it
        try (FileOutputStream fop = new FileOutputStream(file)) {
            fop.write(result.getBytes(StandardCharsets.UTF_8));
            fop.flush();
        }
        return returnTable("<a href=\"file:///" + securityReportFilePath + "\" target=\"_blank\">Click to View Security Report</a>");
    } catch (Exception e) {
        return "Not able to retrieve html report from zap security tool: " + e.getMessage();
    }
}