bcgov / digital.gov.bc.ca

Helping the digital government community deliver better digital services for the people and priorities of British Columbia.
https://digital.gov.bc.ca/
Apache License 2.0

Implement Zap Scanner #186

Closed HeatherRemacle closed 3 years ago

HeatherRemacle commented 3 years ago

https://www.zaproxy.org/

nmathava commented 3 years ago

Patrick helped us to complete the Privacy document. The following notes were added as part of the STRA questionnaire and STRA Lite. This is a reminder for the development team to contact Patrick to get more details on this ticket.

STRA Lite

A vulnerability scan was scheduled for a ZAP scan (automated) for August 11th. (This ZAP scan will perform vulnerability scanning as well as penetration testing.) It will be automated so that it can be run by any of the developers during their workflow.

STRA Questionnaire

A ZAP scan has been completed and sent to the Security Analyst. The results were provided to IPS and no critical vulnerabilities were identified. With each sprint more of the identified vulnerabilities are remediated and another ZAP scan is done. At the time of writing, the remaining two medium vulnerabilities (one of which does not apply) will be addressed prior to the production release.

Document link below:

https://teams.microsoft.com/_#/files/digital.gov.bc.ca?threadId=19%3Af78c23767e214080840d1b7e37bd91d7%40thread.tacv2&ctx=channel&context=Privacy&rootfolder=%252Fteams%252F00109-digital.gov.bc.ca%252FShared%2520Documents%252Fdigital.gov.bc.ca%252FPrivacy

HeatherRemacle commented 3 years ago

Please chat with Patrick on the value/effort required for implementing this.

parulmishra commented 3 years ago

Demoed the work done for zap scanner to @mark-a-wilson

mark-a-wilson commented 3 years ago

Yup - confirmed - it was pretty cool!