[Owasp-community] Mapping Zed Attack Proxy (ZAP) Add-ons to test OWASP Top 10 Risks

Mariston mariston at gmail.com
Sat Oct 18 21:54:42 UTC 2014

Hello, I was wondering if anyone has managed to map the ZAP Add-ons to each
one of the OWASP Top 10 Risks. I have found an article which says I can
test my web application mostly with automated tools, but there are many
add-ons, including the ones in the marketplace:

But this article only says I can do the job by using the "Active Scan
Rules" and some manually, of course. I am willing to scan my application in
an advanced way by selecting the add-ons corresponding to each risk. I would
be glad if someone could enlighten me on this, thanks.

I am using the OWASP Top 10 (2013) and have mapped my tools according to the
list below:

A1: Zed Attack Proxy (ZAP)
A2: Zed Attack Proxy (ZAP)
A3: Zed Attack Proxy (ZAP)
A4: Zed Attack Proxy (ZAP)
A5: OpenVAS
A6: Qualys SSL Server Test
A7: OpenVAS
A8: Zed Attack Proxy (ZAP)
A9: OpenVAS
A10: Zed Attack Proxy (ZAP)

Mariston Hanzen