DAST with OWASP ZAP
Overview
OWASP ZAP (Zed Attack Proxy) is an open-source DAST tool that acts as a manipulator-in-the-middle proxy to intercept, inspect, and test web application traffic for security vulnerabilities. ZAP provides automated passive and active scanning, API testing capabilities, and seamless CI/CD integration for runtime security testing.
Quick Start
Baseline Scan (Docker)
Run a quick passive security scan:
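```bash
# Mount the current directory at /zap/wrk so the -r report is written to the host
docker run -v "$(pwd)":/zap/wrk/:rw -t zaproxy/zap-stable zap-baseline.py -t https://target-app.com -r baseline-report.html
```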
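An added example (not part of the original skill file): a CI wrapper around the baseline scan that mounts a working directory so the reports are kept, then turns the exit status of `zap-baseline.py` into a pass/fail decision. The names `zap_gate`, `run_baseline`, `FAIL_ON_WARN` and the `zap-out` directory are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: CI gate for the ZAP baseline scan.
# zap_gate, run_baseline, FAIL_ON_WARN and zap-out are assumed names.

# Map the exit status of zap-baseline.py to a pipeline decision.
# Documented statuses: 0 = success, 1 = at least one FAIL,
# 2 = at least one WARN and no FAIL, 3 = any other failure.
zap_gate() {
  local rc="$1" fail_on_warn="${2:-0}"
  case "$rc" in
    0) echo "pass"; return 0 ;;
    1) echo "fail: at least one FAIL-level alert"; return 1 ;;
    2) if [ "$fail_on_warn" = "1" ]; then
         echo "fail: WARN-level alerts and FAIL_ON_WARN=1"; return 1
       fi
       echo "pass with warnings"; return 0 ;;
    # 3 and anything else (for example a docker error) means no usable result,
    # so the gate fails closed instead of treating a broken scan as clean.
    *) echo "error: scan did not complete (exit $rc)"; return 1 ;;
  esac
}

# Run the passive baseline scan and keep HTML and JSON reports in workdir.
# workdir is mounted at /zap/wrk, where the scan scripts write report files;
# it must be writable by the user the container runs as.
run_baseline() {
  local target="$1" workdir="${2:-$PWD/zap-out}" rc=0
  mkdir -p "$workdir"
  docker run --rm -v "$workdir":/zap/wrk/:rw -t zaproxy/zap-stable \
    zap-baseline.py -t "$target" \
    -r baseline-report.html -J baseline-report.json || rc=$?
  zap_gate "$rc" "${FAIL_ON_WARN:-0}"
}

# Scan only when a target URL is given, e.g.:
#   FAIL_ON_WARN=1 ./zap-gate.sh https://target-app.com
if [ "$#" -ge 1 ]; then
  run_baseline "$@"
fi
```

With the default `FAIL_ON_WARN=0`, warnings are reported but do not break the build; the reports in the mounted directory can be archived as pipeline artifacts either way.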