Skip to content

Commit

Permalink
feat: update community articles and add DAST pipeline documentation
Browse files Browse the repository at this point in the history
Signed-off-by: HAHWUL <hahwul@gmail.com>
  • Loading branch information
hahwul committed Nov 11, 2024
1 parent fd712d7 commit 26de192
Show file tree
Hide file tree
Showing 3 changed files with 35 additions and 10 deletions.
3 changes: 2 additions & 1 deletion docs/_advanced/tips/community-articles.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,5 @@ layout: page

* [Hello Noir 👋🏼 by HAHWUL](https://www.hahwul.com/2023/08/03/hello-noir/)
* [API Attack Surface Detection using Noir by DANA EPP](https://danaepp.com/api-attack-surface-detection-using-noir)
* [Exploring OWASP Noir's PassiveScan by HAHWUL](https://www.hahwul.com/2024/11/03/passivescan-in-owasp-noir/)
* [Exploring OWASP Noir's PassiveScan by HAHWUL](https://www.hahwul.com/2024/11/03/passivescan-in-owasp-noir/)
* [Powering Up DAST with ZAP and Noir by ZAP Blog](https://www.zaproxy.org/blog/2024-11-11-powering-up-dast-with-zap-and-noir/)
33 changes: 33 additions & 0 deletions docs/_advanced/tips/pipeline-for-dast.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
---
title: Pipeline for DAST
parent: Tips
has_children: false
nav_order: 3
layout: page
---

## Proxy Tool Integration

This command automates the use of a proxy tool in a security testing pipeline. noir is used with the `-b` option to specify the base directory (.) and -u to target a local application (http://localhost.hahwul.com:3000). The --send-proxy parameter directs traffic to a proxy server running on http://localhost:8090. This setup allows for monitoring and intercepting HTTP requests through tools like ZAP, Caido, or Burp Suite during the testing process.

```bash
noir -b . -u http://localhost.hahwul.com:3000 --send-proxy "http://localhost:8090"
```

## ZAP Integration

The process begins with endpoint discovery using noir, which scans the application source code in the specified directory (~/app_source), generates an OpenAPI specification (doc.json), and saves it in JSON format.

Next, the doc.json file is used in an automated ZAP scan. The zap.sh script, with the `-openapifile` option, loads the generated endpoints and uses `-openapitargeturl` to specify the target URL for testing. The `-cmd` and `-autorun` options allow for automated execution of ZAP commands based on zap.yaml, along with any additional configuration parameters. This setup enables comprehensive vulnerability assessment across discovered endpoints in the target application.

```bash
# Discovering endpoints
noir -b ~/app_source -f oas3 --no-log -o doc.json

# Automation scan with endpoints
./zap.sh -openapifile ./doc.json \
-openapitargeturl <TARGET> \
-cmd -autorun zap.yaml <any other ZAP options>
```

For further details on integrating Noir and ZAP for enhanced DAST capabilities, refer to the [Powering Up DAST with ZAP and Noir](https://www.zaproxy.org/blog/2024-11-11-powering-up-dast-with-zap-and-noir/) ZAP blog post.
9 changes: 0 additions & 9 deletions docs/_advanced/tips/pipeline.md

This file was deleted.

0 comments on commit 26de192

Please sign in to comment.