In a previous post I gave a brief introduction to ZAP and showed how to check your application for security vulnerabilities. I strongly recommend reading that post before continuing with this one. Here is the link for the previous post. In this post I will show how to perform attacks when the application requires authentication, and how to create a command line tool using the REST API provided by the ZAP developers.
When the application requires authentication, some additional steps have to be carried out before attacking it with the ZAP tool. A wonderful tutorial has been given by Cosmin Stefan, one of the developers of the OWASP ZAP tool.
Now let's see how to take advantage of the REST API provided by the ZAP developers. Of course, you can do the same things using the GUI application, but on some occasions a command line tool is better than a GUI application. For example, you may want to integrate ZAP with your continuous integration environment (Jenkins, Bamboo). Here are the steps for performing the same functions using REST API calls.
Assume the following is the URL of your application: URL = http://example.com
1. Create a new context (creates a new context called “test”)