OAST with ZAP - Presentation Resources


Blog Posts about ZAP and OAST

| Name / Link | Description |
| --- | --- |
| Levelling up ZAP with OAST | Introductory post about OAST and ZAP. |
| ZAP OAST: Basic Design Decisions | Design decisions taken at the time of development of the OAST add-on. |
| OAST with OWASP ZAP | The OAST Add-on GUI and Scripting APIs. |
| Log4Shell Detection with ZAP | Detecting Log4Shell Vulnerabilities with the OAST add-on. |
| ZAP SSRF Setup | Configuring the Callback Service for SSRF Attacks. |

Documentation

ZAP OAST Add-on Desktop User Guide
Interactsh GitHub Repository
BOAST GitHub Repository

ZAP Scan Rules that use OAST

Log4Shell Scan Rule
XML External Entity Scan Rule
Out-of-band XSS Scan Rule

More Reading Resources

OAST (Out-of-band Application Security Testing) | Blog - PortSwigger
Introducing Burp Collaborator | Blog - PortSwigger