Open binarymist opened 3 years ago
compose_pt-net network and you have run local Test Runs with PurpleTeam successfully against NodeGoat locally
compose_pt-net network and you have run local Test Runs with PurpleTeam successfully against the API SUT locally. Now we know we're completely happy with the API SUT
terragrunt apply) for you. If you do decide you want to get a cheap domain and free AWS account, you'll also need to work out how to persist your Terraform state. We do this on Terraform Cloud (free), but you could just as easily do it locally; it really doesn't matter how you do it
Basically anything, or as many as possible that Zaproxy supports. There are quite a few Zap resources now. Google does well at listing them.
Basically we want to support as many as possible.
OpenAPI | SOAP | GraphQL | Import URLs | Script Based Authentication | JSON Based Authentication | HTTP/NTLM based authentication | Active | Stars | Pull Requests | Issues | Contributors | Tested Locally | Comments | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
[Recent commits or Active PRs/Issues] | [main/minor] | |||||||||||||
crAPI | ✓ | ✓ | ✓ | 249 | 3 (51 closed) | 6 (21 closed) | 1 main / 6 | ✓ | ||||||
juice-shop | ✓ | ✓ | ✓ | ✓ | 7000 | 0 (1121 closed) | 2 (708 closed) | 14 main / 77 | ✓ | |||||
Damn-Vulnerable-GraphQL-Application | ✓ | ✓ | ✓ | ✓ | 1000 | 0 (38 closed) | 1 (18 closed) | 2 main / 1 | https://notepad.pw/code/5pa89yk6 as described in Slack | |||||
vuln-graphql-ruby | ✓ | ✓ | ✓ (apr'21) | 0 | 4 (0 closed) | 0 (0 closed) | 2 main | |||||||
poc-graphql | ✓ | ✓(sep'20) | 339 | 0 | 0 | 1 main | ||||||||
VAmPI | ✓ | ✓ | ✓ | ✓ | 275 | 0 (12 closed) | 1 (7 closed) | 2 main / 1 | ✓ | |||||
Vulnerable-Web-Services | ✓ | ✓ | No | 6 | 0 | 0 | 1 main | |||||||
vulny-spring-soap-api | ✓ | ✓ | ✓ | No | 0 | 0 | 0 | 2 main | ||||||
vulnerable-graphql-api | ✓ | ✓ | ✓ | No | 36 | 0 | 0 | 2 main | ||||||
Pixi | ✓ | ✓ | ✓ | No | 54 | 2(2 closed) | 23(7 closed) | 2 main | ||||||
parabank | ✓ | ✓ | Yes | 31 | 30(29 closed) | 3(3 closed) | 2 main |
SUT Resources
Mentioned by Nicholas Tolstoshev on #project-zap of OWASP Slack
Mentioned by @ricekot on #project-zap of OWASP Slack
Mentioned by @kingthorin_rm on #project-zap of OWASP Slack
Mentioned by @Kinnaird McQuade on #project-zap of OWASP Slack