OAST with ZAP - Presentation Resources
Blog Posts about ZAP and OAST
| Name / Link | Description |
|---|---|
| Levelling up ZAP with OAST | Introductory post about OAST and ZAP. |
| ZAP OAST: Basic Design Decisions | Design decisions taken at the time of development of the OAST add-on. |
| OAST with OWASP ZAP | The OAST Add-on GUI and Scripting APIs. |
| Log4Shell Detection with ZAP | Detecting Log4Shell Vulnerabilities with the OAST add-on. |
| ZAP SSRF Setup | Configuring the Callback Service for SSRF Attacks. |
Documentation
| Name / Link |
|---|
| ZAP OAST Add-on Desktop User Guide |
| Interactsh GitHub Repository |
| BOAST GitHub Repository |
ZAP Scan Rules that use OAST
| Name / Link |
|---|
| Log4Shell Scan Rule |
| XML External Entity Scan Rule |
| Out-of-band XSS Scan Rule |
More Reading Resources
| Name / Link | Description |
|---|---|
| OAST (Out-of-band Application Security Testing) | Blog - PortSwigger |
| Introducing Burp Collaborator | Blog - PortSwigger |