Look into dynamic security testing

[freddidierRTE]

This is a requirement for the infrastructure best practice badge. Try https://www.zaproxy.org/ : first test was ko , it does not support our http polling mechanism --> have to be test with addons https://www.zaproxy.org/docs/desktop/addons/server-sent-events/

Other solutions :

• https://github.com/deepfence/ThreatMapper
• https://github.com/golismero/golismero
• https://github.com/sullo/nikto
• https://github.com/projectdiscovery/nuclei/
• https://subgraph.com/vega/

[olivierPigeon-RTE]

The ZAP version used was the stable docker.

1. Automated Scans :

   • Can be launched either using the command line : docker run -t owasp/zap2docker-stable zap-full-scan.py -t http://<localhostIP>:2002 or the webswing interface (see https://www.zaproxy.org/docs/docker/webswing/)
   • A report of both fullScan and baseline scans can be found attached to this comment fullScan.txt scanBaseline.txt

2. Manual Explore :

   • Can only be launched from the webswing interface

   • To do so, type docker run -v zap/:/home/zap/ -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-stable zap-webswing.shand in the url to URL to explore type the ip given by $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1) (localhost IP will not work,see : https://www.zaproxy.org/docs/docker/about/#scanning-an-app-running-on-the-host-os )

   • Unfortunately, manual explore does not seem to scan all the resquests between the front and the back, but only scans project files when looking for vulnerabilities

[freddidierRTE]

too old issue