<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Nice!<br>
    </p>
    <p>Looking at the steps in the README.md, step 4 could be done
      programmatically with the API, here is an example:
<a class="moz-txt-link-freetext" href="https://github.com/binarymist/NodeGoat/blob/master/test/security/profile-test.js#L20-L25">https://github.com/binarymist/NodeGoat/blob/master/test/security/profile-test.js#L20-L25</a></p>
    Complete solution details here along with the teaser video:
<a class="moz-txt-link-freetext" href="https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API">https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API</a><br>
    <br>
    Being demoed next at NodeConfEU:
    <a class="moz-txt-link-freetext" href="http://www.nearform.com/nodecrunch/nodeconf-eu-announcing-kim-carter/">http://www.nearform.com/nodecrunch/nodeconf-eu-announcing-kim-carter/</a><br>
    <br>
    Future demo: <a class="moz-txt-link-freetext" href="https://www.meetup.com/AucklandNodeJs/events/231037137/">https://www.meetup.com/AucklandNodeJs/events/231037137/</a><br>
    <br>
    Previously demoed:<br>
    <ul>
      <li>NYC: <a class="moz-txt-link-freetext" href="https://www.meetup.com/owaspnycmetro/events/228716474/">https://www.meetup.com/owaspnycmetro/events/228716474/</a></li>
      <li>NZ:
<a class="moz-txt-link-freetext" href="https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/229985413/">https://www.meetup.com/OWASP-New-Zealand-Chapter-Christchurch/events/229985413/</a></li>
      <li>NZ: <a class="moz-txt-link-freetext" href="https://www.meetup.com/CHCH-JS/events/228078957/">https://www.meetup.com/CHCH-JS/events/228078957/</a><br>
      </li>
    </ul>
    <br>
    <br>
    <div class="moz-signature">
      <div>
        <div style="float: left; margin-top: 0px;">
          <p style="display:block; margin:0px; color:#4a5da1;
            font-size:16px; font-weight:800; margin: 0 0 5px 0;">Kim
            Carter</p>
          <p style="display:block; color:#4a5da1; font-size:12px;
            margin: 0 0 5px 0;">OWASP New Zealand Chapter Leader
            (Christchurch)</p>
          <p style="display:block; color:#4a5da1; font-size:12px;
            margin: 0 0 5px 0;">Author of <a
              href="https://leanpub.com/b/holisticinfosecforwebdevelopers"><b>Holistic
                Info-Sec for Web Developers</b></a></p>
          <p style="display:block; color:#4a5da1; margin: 0 0 5px 0;"> <abbr
              title="cellular phone" style="font-weight: 800">c:</abbr>
            <span> +64 274 622 607</span> </p>
        </div>
      </div>
    </div>
    <div class="moz-cite-prefix"><br>
      On 08/10/16 23:31, Sherif Mansour wrote:<br>
    </div>
    <blockquote
cite="mid:CAMJg_ps8p6zDhtK6sF-Ye=86DhJRibRw5jtDnUj3MCN0+w8vJA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>Hey Everyone,</div>
        <div><br>
        </div>
        <div>Over the summer I asked our intern to contribute to the
          OWASP ZAP Project.</div>
        <div>We agreed to focus on automation so that developers can run
          ZAP as part of their build tests.</div>
        <div><br>
        </div>
        <div>The code and instructions can be found here:</div>
        <div> <a moz-do-not-send="true"
href="https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration">https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration</a></div>
        <div><br>
        </div>
        <div>FYI, I strongly encourage my peers to leverage interns to
          contribute to OWASP projects of their interest.</div>
        <div>This will help you assess your intern, but also give them
          something fun and open source; knowing it will help the wider
          community will motivate them as well.</div>
        <div><br>
        </div>
        <div>I have added snapshots below to explain the approach we
          took, hope it helps.</div>
        <div><b><br>
          </b></div>
        <div><b>1) Here is a workflow diagram of what we were trying to
            achieve</b></div>
        <div>[Inline image 1: workflow diagram (image not included)]</div>
        <div><br>
          <div>
            <div><b>2) Once set up, you can run ZAP headless in a CI/CD
                pipeline with a command like this:</b></div>
            <div><br>
            </div>
            <div>[Inline image 2: the headless ZAP command line (image not included)]<br>
            </div>
            <div><b>3) You could also set restrictions on which
                vulnerabilities to fail/ignore/pass a build</b></div>
            <div>[Inline image 5: fail/ignore/pass vulnerability settings (image not included)]<br>
            </div>
            <div><b>4) And you can add additional settings like pushing
                results into Jira (bug tracker), the maximum duration a
                scan/spider should take, and login credentials for the
                scanned web apps.</b></div>
            <div>[Inline image 6: Jira, scan duration and login settings (image not included)]<br>
            </div>
            <div><b>5) Here is what a report looks like in Jira (note: if
                the web app passes the test, the Jira ticket will still be
                created and automatically closed as well).</b></div>
            <div><br>
            </div>
            <div>[Inline image 3: the resulting Jira ticket (image not included)]<br>
            </div>
          </div>
        </div>
        <div><br>
        </div>
        <div>Kind regards</div>
        <div>Sherif Mansour</div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
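    <p>Step 3 of the quoted message (deciding which ZAP findings fail, are ignored, or pass a build) is the part of the pipeline most teams end up writing themselves. The following is an added example, not code from the zaproxy community-scripts project or from NodeGoat: it fetches nothing, but takes alerts in the shape ZAP's JSON API returns from <code>GET /JSON/core/view/alerts/</code> (each with at least <code>risk</code>, <code>pluginId</code>, <code>name</code> and <code>url</code>) and applies a fail/ignore/pass policy. The policy object format, the helper names, and the sample alerts are this example's own assumptions; the sample alerts are constructed, not from a real scan.</p>

```javascript
// Added example (not from the ZAP community-scripts project or NodeGoat):
// gate a CI build on ZAP alerts, as the thread's "fail/ignore/pass" step describes.
// Alerts are assumed to be in the shape ZAP's JSON API returns from
// GET /JSON/core/view/alerts/ (at least `risk`, `pluginId`, `name`, `url`).
// The policy object format below is this example's own, not a ZAP format.

const RISK_LEVELS = { Informational: 0, Low: 1, Medium: 2, High: 3 };

// URL for pulling all alerts for one target from a ZAP daemon. `count=0`
// asks for every alert; the API key goes in the `apikey` query parameter
// (or the X-ZAP-API-Key header) when the daemon was started with one.
function alertsUrl(zapBase, targetUrl, apiKey) {
  const u = new URL('/JSON/core/view/alerts/', zapBase);
  u.searchParams.set('baseurl', targetUrl);
  u.searchParams.set('start', '0');
  u.searchParams.set('count', '0');
  if (apiKey) u.searchParams.set('apikey', apiKey);
  return u.toString();
}

// Policy (example format): alerts at or above `failOn` break the build;
// plugin IDs in `ignorePluginIds` are accepted risk tracked elsewhere and
// never break it; everything else is reported but passes.
const DEFAULT_POLICY = {
  failOn: 'Medium',
  ignorePluginIds: ['10021'], // e.g. X-Content-Type-Options, handled at the CDN
};

function classifyAlerts(alerts, policy = DEFAULT_POLICY) {
  const threshold = RISK_LEVELS[policy.failOn];
  if (threshold === undefined) {
    throw new Error(`unknown risk level in policy: ${policy.failOn}`);
  }
  const ignored = new Set((policy.ignorePluginIds || []).map(String));
  const result = { fail: [], ignore: [], pass: [] };
  for (const alert of alerts) {
    const level = RISK_LEVELS[alert.risk];
    if (ignored.has(String(alert.pluginId))) {
      result.ignore.push(alert);
    } else if (level === undefined || level >= threshold) {
      // An unrecognised risk string fails closed rather than slipping through.
      result.fail.push(alert);
    } else {
      result.pass.push(alert);
    }
  }
  return result;
}

// One line per failing plugin rather than per URL, so a finding repeated
// across many pages reads as one item with a count.
function buildVerdict(alerts, policy = DEFAULT_POLICY) {
  const r = classifyAlerts(alerts, policy);
  const byPlugin = new Map();
  for (const a of r.fail) {
    const entry = byPlugin.get(a.pluginId) || { risk: a.risk, name: a.name, urls: [] };
    entry.urls.push(a.url);
    byPlugin.set(a.pluginId, entry);
  }
  const failing = [...byPlugin.entries()].map(
    ([pluginId, e]) =>
      `[${e.risk}] ${e.name} (plugin ${pluginId}): ${e.urls.length} instance(s), e.g. ${e.urls[0]}`
  );
  return { exitCode: failing.length ? 1 : 0, failing, ignored: r.ignore.length, passing: r.pass.length };
}

// Constructed sample alerts (not from a real scan), shaped like core/view/alerts output.
const SAMPLE_ALERTS = [
  { pluginId: '40018', name: 'SQL Injection', risk: 'High', url: 'http://target.test/login', param: 'userName' },
  { pluginId: '40012', name: 'Cross Site Scripting (Reflected)', risk: 'Medium', url: 'http://target.test/search', param: 'q' },
  { pluginId: '40012', name: 'Cross Site Scripting (Reflected)', risk: 'Medium', url: 'http://target.test/search', param: 'sort' },
  { pluginId: '10021', name: 'X-Content-Type-Options Header Missing', risk: 'Low', url: 'http://target.test/', param: '' },
  { pluginId: '10015', name: 'Incomplete or No Cache-control and Pragma HTTP Header Set', risk: 'Low', url: 'http://target.test/profile', param: '' },
  { pluginId: '10027', name: 'Information Disclosure - Suspicious Comments', risk: 'Informational', url: 'http://target.test/app.js', param: '' },
];

// Print the verdict; a CI wrapper would end with process.exit(verdict.exitCode).
const verdict = buildVerdict(SAMPLE_ALERTS);
console.log(JSON.stringify(verdict, null, 2));
```

    <p>In a real pipeline the alerts array comes from an HTTP GET to <code>alertsUrl(...)</code> against the headless daemon after the spider and active scan have finished, and the wrapper exits with <code>verdict.exitCode</code>. Unknown risk strings fail closed on purpose: a build gate that passes because a field changed shape is the worst failure mode for this kind of check.</p>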
    <br>
  </body>
</html>