Computers, Programming, Technology, Music, Literature

Posts Tagged ‘owasp zap dot net api’

N Different Strategies to Automate OWASP ZAP – OWASP APPSec BUCHAREST – Oct 13 2017

https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_0101_talks

In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties to an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP’s API and scripts can be integrated with automated testing frameworks beyond Selenium and with Continuous Integration and Continuous Delivery pipelines beyond Jenkins, and it covers scanning authenticated parts of the application, options to manage the discovered vulnerabilities, and so on, with real-world case studies and implementation challenges.
This is a demonstration-oriented talk that explains OWASP ZAP automation strategies for security testing by example.

N Different Strategies to Automate OWASP ZAP – Cybersecurity WithTheBest – Oct 15 2017

http://cybersecurity.withthebest.com

In this talk we will explore the many different ways of automating security testing with the OWASP Zed Attack Proxy and how it ties to an overall Software Security Initiative. Over the years, ZAP has made many advancements to its powerful APIs and introduced scripts to make security automation consumable for mortals. This talk is structured to demonstrate how ZAP’s API and scripts can be integrated with automated testing frameworks beyond Selenium and with Continuous Integration and Continuous Delivery pipelines beyond Jenkins, and it covers scanning authenticated parts of the application, options to manage the discovered vulnerabilities, and so on, with real-world case studies and implementation challenges.

OWASP ZAP Development – Fixing the Can’t find bundle for base name lang.Messages error


I have been generating the API files for OWASP ZAP DOT NET API since the inception. There is the core zaproxy project that has the DotNetAPIGenerator.java class. And there is the extensions project, including the beta and alpha.


Now, when I tried to generate the ‘non-optional’, i.e., the core API files for .NET, everything would work fine; the API files would be generated as below.

OWASP ZAP is internationalized, so the source code comes with a bunch of resource bundles with supporting language files.

When you try to generate the API files for the extensions project, you get this wonderful error message.

Exception in thread "main" java.util.MissingResourceException: Can't find bundle for base name lang.Messages, locale en
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1564)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1387)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:890)
    at org.zaproxy.zap.extension.api.AbstractAPIGenerator.<init>(AbstractAPIGenerator.java:68)
    at org.zaproxy.zap.extension.api.JavaAPIGenerator.<init>(JavaAPIGenerator.java:81)
    at org.zaproxy.zap.extension.ApiGenerator.main(ApiGenerator.java:73)

I have fixed this error message before, when I was trying to generate the API files back in 2015. Running in debug mode and stepping through pointed out that the zaproxy core project had the resource files under a directory that was not available to the extensions project.

This error was gruesome.

In the end, all I had to do was copy the contents of the workspaceowaspzap\zaproxy\src\lang directory to workspaceowaspzap\zap-extensions\bin\lang.

That’s it. Do the same thing for the alpha and beta extensions’ bin directories too.
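The failure and the fix described above can be reproduced in isolation. The following is an added example, not code from the ZAP project or from the original post; it uses temporary directories as constructed stand-ins for the core src and extension bin directories, a made-up `demo.key` entry, and assumes Java 11 or later.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.MissingResourceException;
import java.util.ResourceBundle;

public class BundleLookupDemo {

    // Resolve lang.Messages through ResourceBundle.getBundle, as in the stack trace,
    // with the class path narrowed to a single root directory.
    static String lookup(Path classpathRoot) throws IOException {
        URL[] roots = { classpathRoot.toUri().toURL() };
        try (URLClassLoader loader = new URLClassLoader(roots, null)) {
            ResourceBundle bundle =
                    ResourceBundle.getBundle("lang.Messages", Locale.ENGLISH, loader);
            return "found, demo.key=" + bundle.getString("demo.key");
        } catch (MissingResourceException e) {
            return "missing: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-ins for zaproxy\src and zap-extensions\bin.
        Path coreSrc = Files.createTempDirectory("core-src");
        Path extBin = Files.createTempDirectory("ext-bin");

        // The core project owns lang/Messages.properties (constructed content).
        Path coreLang = Files.createDirectories(coreSrc.resolve("lang"));
        Files.writeString(coreLang.resolve("Messages.properties"), "demo.key=hello\n");

        // The extension's class path root has no lang directory yet: lookup fails.
        System.out.println("before copy: " + lookup(extBin));

        // The fix from the post: copy the contents of src\lang into bin\lang.
        Path extLang = Files.createDirectories(extBin.resolve("lang"));
        try (DirectoryStream<Path> files = Files.newDirectoryStream(coreLang)) {
            for (Path f : files) {
                Files.copy(f, extLang.resolve(f.getFileName()));
            }
        }
        System.out.println("after copy:  " + lookup(extBin));
    }
}
```

The base name `lang.Messages` maps to the resource path `lang/Messages.properties` relative to a class path root, which is why the files have to sit in a `lang` directory directly under `bin`.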

Cheers. Try the OWASP ZAP DOT NET API available at nuget.org.

Written by gmaran23

March 22, 2017 at 1:46 am