How can we use the OWASP ZAP tool to check the validation quality of an application?


I want to check the quality of login page validation. So can I use OWASP ZAP to achieve this? I want to recognize weak passwords as well as the generation of weak session tokens, error messages, etc. Is it possible in Zed Attack Proxy?


You can use the ZAP passive scan for some of those things. If you share more information about your setup, I can help you with adding ZAP to your CI.

Please note that ZAP cannot help you configure a password policy. It is not good practice to run ZAP in production, so I would not use it to test live user password quality.


You can perform analysis of session tokens (etc.) via the TokenGen add-on.

You can add it via the ZAP Marketplace: Toolbar - Marketplace Button

Once added, right click the request/response for which you want to generate/analyze tokens (in either the Sites Tree or History tab) and select "Generate Tokens...". Specify the URL, Form, or Cookie parameter you care about. ZAP will collect the tokens and provide an analysis.

Further help content is available here:
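To make concrete what a token analysis of the kind the answer above describes is looking for, here is an added example (my own code, not ZAP's or the TokenGen add-on's). It pulls a session cookie out of a set of constructed HTTP responses, then scores the collected tokens on three signals a reviewer cares about: per-position Shannon entropy relative to the maximum the alphabet allows, exact duplicates, and a predictable step between consecutive values (a counter rendered as hex, for instance). The cookie name `JSESSIONID`, the sample responses and the "weak" thresholds are all assumptions chosen for illustration; ZAP's own report uses its own statistics.

```python
"""Rough session-token quality analysis, in the spirit of ZAP's TokenGen
report. Added example, not ZAP code; thresholds are assumptions."""
import hashlib
import math
import re
from collections import Counter

COOKIE_NAME = "JSESSIONID"  # assumed parameter name, as one would pick in ZAP


def make_responses(values):
    """Constructed HTTP responses, one Set-Cookie line per token value."""
    return [f"HTTP/1.1 200 OK\r\nSet-Cookie: {COOKIE_NAME}={v}; Path=/; HttpOnly\r\n\r\n"
            for v in values]


# Constructed samples: a counter rendered as 8 hex chars (weak), and
# sha256-derived 16-hex-char strings standing in for a proper CSPRNG (strong).
WEAK_RESPONSES = make_responses(f"{1000 + i:08x}" for i in range(32))
STRONG_RESPONSES = make_responses(
    hashlib.sha256(f"constructed-{i}".encode()).hexdigest()[:16] for i in range(32))


def extract_cookie(responses, name):
    """Collect the value of cookie `name` from each response's Set-Cookie header."""
    pat = re.compile(rf"^Set-Cookie:\s*{re.escape(name)}=([^;\r\n]+)", re.M | re.I)
    values = []
    for resp in responses:
        m = pat.search(resp)
        if m:
            values.append(m.group(1))
    return values


def position_entropy_bits(tokens):
    """Sum of Shannon entropy over each character position (in bits)."""
    n = len(tokens)
    width = min(len(t) for t in tokens)
    total = 0.0
    for pos in range(width):
        counts = Counter(t[pos] for t in tokens)
        total -= sum(c / n * math.log2(c / n) for c in counts.values())
    return total


def predictable_step_fraction(tokens):
    """Fraction of consecutive pairs sharing the most common numeric difference.
    1.0 means every token is the previous one plus a constant (a counter).
    Non-hex tokens are not scored numerically here and yield 0.0."""
    try:
        nums = [int(t, 16) for t in tokens]
    except ValueError:
        return 0.0
    diffs = [b - a for a, b in zip(nums, nums[1:])]
    if not diffs:
        return 0.0
    most_common = Counter(diffs).most_common(1)[0][1]
    return most_common / len(diffs)


def assess(tokens, max_bits_per_char=4.0):
    """Score a token sample; max_bits_per_char is 4 for hex, 6 for base64."""
    width = min(len(t) for t in tokens)
    entropy = position_entropy_bits(tokens)
    ratio = entropy / (width * max_bits_per_char)
    duplicates = len(tokens) - len(set(tokens))
    step = predictable_step_fraction(tokens)
    findings = []
    if duplicates:
        findings.append(f"{duplicates} duplicate token(s) in sample")
    if step > 0.5:  # assumed threshold
        findings.append(f"{step:.0%} of consecutive tokens differ by a constant step")
    if ratio < 0.5:  # assumed threshold
        findings.append(f"entropy {entropy:.1f} bits is under half of the {width * max_bits_per_char:.0f} possible")
    return {
        "samples": len(tokens),
        "entropy_bits": round(entropy, 2),
        "entropy_ratio": round(ratio, 2),
        "duplicates": duplicates,
        "predictable_step": round(step, 2),
        "verdict": "weak" if findings else "ok",
        "findings": findings,
    }


if __name__ == "__main__":
    for label, responses in (("weak", WEAK_RESPONSES), ("strong", STRONG_RESPONSES)):
        print(label, assess(extract_cookie(responses, COOKIE_NAME)))
```

Thirty-two samples is enough to expose a counter or repeated values, but per-position entropy is bounded by log2(sample count), so a clean-looking score on a small sample says little more than "not obviously broken"; collect a few hundred tokens before reading much into the ratio, which is also why ZAP lets you choose how many tokens to generate.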