Name: Sec Zap Dast Integration
Author: jcorpac

OWASP ZAP DAST Integration

This skill helps users integrate Dynamic Application Security Testing (DAST) into their workflow using OWASP ZAP. DAST identifies runtime vulnerabilities that static analysis might miss, strongly addressing A02:2025 (Security Misconfiguration), A05:2025 (Injection), and client-side issues.

Usage

Use this skill when the user wants to test a running instance of their application or needs help deciphering a ZAP scan report.

Example Triggers:

"How do I run a baseline ZAP scan against my local dev server using Docker?"
"I have a ZAP JSON report. Can you analyze the findings and tell me how to fix the Cross-Site Scripting (XSS) warnings?"

Workflow

Integration Assistance: If the user is setting up ZAP, provide the necessary commands. Emphasize using the official Docker images for ease of use.
- Baseline Scan Example: docker run -t owasp/zap2docker-stable zap-baseline.py -t http://host.docker.internal:8080/

Sec Zap Dast Integration

Sec Zap Dast Integration

OWASP ZAP DAST Integration

Usage

Workflow

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security