Closed wurstbrot closed 5 years ago
Hi Timo,
thx for your PR! Maybe we can combine this with your issue #29. What would be really cool is if we introduce a new environment variable which can be used to extend the ZAP process with additional plugins...
So if you start the stack with a docker-compose.yml like:
scanner-webapplication-zap:
  image: securecodebox/zap:v0.9.0
  depends_on:
    - engine
  networks:
    - frontend
  labels:
    container_group: scanner
  environment:
    - ENGINE_ADDRESS=http://engine:8080
    - ZAP_PLUGINS="-addoninstall soap -addoninstall openapi"
That's a cool idea. I'll merge this PR now anyway, as the additional active scan rules will probably come in handy for most people.
This is a feature request to add alpha/beta scan rules, in the form of a pull request (which can be declined).
Alpha/Beta relates to how useful, from ZAP's point of view, they are for the general public.
Please be aware that this might enhance the False Positive rate.
(Active) Scan Rules Beta (the other rules are located in the navigation on the right): https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesBetaAscanbeta
The source for the active scan rule beta is located at https://github.com/zaproxy/zap-extensions/tree/beta/src/org/zaproxy/zap/extension/ascanrulesBeta
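The `ZAP_PLUGINS` variable proposed in the comment above would end up on the ZAP command line, so a container entrypoint should validate it before use. An added example (not securecodebox code; the function name `zap_plugin_args` and the alphanumeric-only add-on id rule are assumptions) that accepts nothing but `-addoninstall <id>` pairs:

```shell
#!/bin/sh
# Added example: validate a hypothetical ZAP_PLUGINS value so that only
# "-addoninstall <id>" pairs can reach the ZAP command line.
# Assumption: add-on ids consist of ASCII letters and digits only.

# Prints one validated argument per line; returns 1 on anything unexpected.
zap_plugin_args() {
    raw=$1
    # In Compose list form (- KEY="value") the double quotes become part of
    # the value, so strip one surrounding pair if present.
    case $raw in
        \"*\") raw=${raw#\"}; raw=${raw%\"} ;;
    esac
    out=
    expect=flag
    set -f                      # disable globbing while word-splitting
    for tok in $raw; do
        case $expect in
            flag)
                # Any option other than -addoninstall is rejected.
                [ "$tok" = "-addoninstall" ] || { set +f; return 1; }
                expect=id ;;
            id)
                case $tok in
                    ''|*[!A-Za-z0-9]*) set +f; return 1 ;;
                esac
                out="${out}-addoninstall
${tok}
"
                expect=flag ;;
        esac
    done
    set +f
    [ "$expect" = flag ] || return 1    # dangling -addoninstall without an id
    printf '%s' "$out"
}

# Constructed sample value, as Compose would pass it (quotes included).
sample='"-addoninstall soap -addoninstall openapi"'
zap_plugin_args "$sample"
```

An entrypoint would abort on a non-zero return instead of starting ZAP with a partially trusted argument string.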