OAST with ZAP - Presentation Resources
Blog Posts about ZAP and OAST
Name / Link | Description |
---|---|
Levelling up ZAP with OAST | Introductory post about OAST and ZAP. |
ZAP OAST: Basic Design Decisions | Design decisions taken at the time of development of the OAST add-on. |
OAST with OWASP ZAP | The OAST Add-on GUI and Scripting APIs. |
Log4Shell Detection with ZAP | Detecting Log4Shell Vulnerabilities with the OAST add-on. |
ZAP SSRF Setup | Configuring the Callback Service for SSRF Attacks. |
Documentation
ZAP OAST Add-on Desktop User Guide
Interactsh GitHub Repository
BOAST GitHub Repository
ZAP Scan Rules that use OAST
Log4Shell Scan Rule
XML External Entity Scan Rule
Out-of-band XSS Scan Rule
More Reading Resources
OAST (Out-of-band Application Security Testing) | Blog - PortSwigger |
Introducing Burp Collaborator | Blog - PortSwigger |