This project is an example of how you can security-scan an API with ZAP.
The following technologies need to be installed on your system:
- Java JDK 11
- Maven 3
- ZAP (Docker image)
ZAP must be started (for example as a Docker container) and reachable before the test is executed.
List of policies that can be used in the scan:

| Policy |
|---|
| ldap-injection |
| remote-file-inclusion |
| parameter-pollution |
| insecure-http-methods |
| server-side-code-injection |
| SOAP XML Injection |
| el-injection |
| script-active-scan-rules |
| server-side-include |
| source-code-disclosure |
| shell-shock |
| crlf-injection |
| padding-oracle |
| external-redirect |
| xpath-injection |
| cross-site-scripting |
| remote-code-execution |
| sql-injection |
| remote-os-command-injection |
| path-traversal |
| parameter-tampering |
| directory-browsing |
| xml-external-entity |
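The following script is an added example, not part of this project, showing the "ZAP must be running before the test" requirement and the policy list above put together into one run: it starts the ZAP daemon in a throwaway Docker container published on loopback only, waits until the ZAP API answers, runs the Maven tests, and always stops the container afterwards. The image name, the local port, the per-run API key and the system properties `zap.host`, `zap.port`, `zap.apikey` and `zap.policy` are assumptions for illustration; the project's own tests may read their configuration differently.

```shell
#!/bin/sh
# Added example, not code from the original project. Starts ZAP in Docker,
# waits until its API answers, runs the Maven tests against it, then stops it.
# Assumptions (not stated on the page): the image name, the local port, and
# that the tests read ZAP's address, API key and the chosen policy from the
# hypothetical system properties zap.host, zap.port, zap.apikey and zap.policy.

ZAP_IMAGE="${ZAP_IMAGE:-ghcr.io/zaproxy/zaproxy:stable}"   # assumed image name
ZAP_HOST="${ZAP_HOST:-127.0.0.1}"
ZAP_PORT="${ZAP_PORT:-8080}"
ZAP_CONTAINER="${ZAP_CONTAINER:-zap-api-scan}"
# A per-run API key keeps the daemon from accepting unauthenticated API calls,
# even though the port is only published on the loopback interface.
ZAP_API_KEY="${ZAP_API_KEY:-$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')}"

# Base URL of the ZAP API, built from the host and port above.
zap_api_url() {
  printf 'http://%s:%s' "$ZAP_HOST" "$ZAP_PORT"
}

# Accept only policy names from the list on this page; anything else fails fast.
is_known_policy() {
  case "$1" in
    ldap-injection|remote-file-inclusion|parameter-pollution|insecure-http-methods|\
    server-side-code-injection|"SOAP XML Injection"|el-injection|\
    script-active-scan-rules|server-side-include|source-code-disclosure|\
    shell-shock|crlf-injection|padding-oracle|external-redirect|xpath-injection|\
    cross-site-scripting|remote-code-execution|sql-injection|\
    remote-os-command-injection|path-traversal|parameter-tampering|\
    directory-browsing|xml-external-entity) return 0 ;;
    *) return 1 ;;
  esac
}

# Start the ZAP daemon in a throwaway container, published on loopback only.
start_zap() {
  docker run -d --rm --name "$ZAP_CONTAINER" \
    -p "127.0.0.1:${ZAP_PORT}:8080" "$ZAP_IMAGE" \
    zap.sh -daemon -host 0.0.0.0 -port 8080 \
      -config "api.key=${ZAP_API_KEY}" \
      -config 'api.addrs.addr.name=.*' -config api.addrs.addr.regex=true
}

# ZAP takes a few seconds to come up; poll the version endpoint until it answers.
wait_for_zap() {
  tries="${1:-30}"
  while [ "$tries" -gt 0 ]; do
    if curl -fsS -H "X-ZAP-API-Key: ${ZAP_API_KEY}" \
         "$(zap_api_url)/JSON/core/view/version/" >/dev/null 2>&1; then
      return 0
    fi
    tries=$((tries - 1)); sleep 2
  done
  echo "ZAP did not become ready on $(zap_api_url)" >&2
  return 1
}

stop_zap() { docker stop "$ZAP_CONTAINER" >/dev/null 2>&1 || true; }

# Full flow: validate the policy, bring ZAP up, run the tests, always tear down.
run_scan() {
  policy="$1"
  if ! is_known_policy "$policy"; then
    echo "unknown scan policy: $policy" >&2; return 2
  fi
  start_zap || return 1
  trap stop_zap EXIT
  wait_for_zap || return 1
  mvn test -Dzap.host="$ZAP_HOST" -Dzap.port="$ZAP_PORT" \
           -Dzap.apikey="$ZAP_API_KEY" -Dzap.policy="$policy"
}

# Only run the flow when asked, so the file can also be sourced for its functions.
if [ "${ZAP_SCAN_RUN:-0}" = "1" ]; then
  run_scan "${1:-sql-injection}"
fi
```

Run it as `ZAP_SCAN_RUN=1 sh run-scan.sh sql-injection`. The API key and the loopback-only port binding matter even on a developer machine: a ZAP daemon started with the key disabled and bound to all interfaces gives anyone on the network a proxy and scanner they can drive through its API.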