diff --git a/docs/_advanced/tips/community-articles.md b/docs/_advanced/tips/community-articles.md index 828a7847..ae7dbd80 100644 --- a/docs/_advanced/tips/community-articles.md +++ b/docs/_advanced/tips/community-articles.md @@ -8,4 +8,5 @@ layout: page * [Hello Noir 👋🏼 by HAHWUL](https://www.hahwul.com/2023/08/03/hello-noir/) * [API Attack Surface Detection using Noir by DANA EPP](https://danaepp.com/api-attack-surface-detection-using-noir) -* [Exploring OWASP Noir's PassiveScan by HAHWUL](https://www.hahwul.com/2024/11/03/passivescan-in-owasp-noir/) \ No newline at end of file +* [Exploring OWASP Noir's PassiveScan by HAHWUL](https://www.hahwul.com/2024/11/03/passivescan-in-owasp-noir/) +* [Powering Up DAST with ZAP and Noir by ZAP Blog](https://www.zaproxy.org/blog/2024-11-11-powering-up-dast-with-zap-and-noir/) \ No newline at end of file diff --git a/docs/_advanced/tips/pipeline-for-dast.md b/docs/_advanced/tips/pipeline-for-dast.md new file mode 100644 index 00000000..b7da50f0 --- /dev/null +++ b/docs/_advanced/tips/pipeline-for-dast.md @@ -0,0 +1,33 @@ +--- +title: Pipeline for DAST +parent: Tips +has_children: false +nav_order: 3 +layout: page +--- + +## Proxy Tool Integration + +This command automates the use of a proxy tool in a security testing pipeline. noir is used with the `-b` option to specify the base directory (.) and -u to target a local application (http://localhost.hahwul.com:3000). The --send-proxy parameter directs traffic to a proxy server running on http://localhost:8090. This setup allows for monitoring and intercepting HTTP requests through tools like ZAP, Caido, or Burp Suite during the testing process. + +```bash +noir -b . -u http://localhost.hahwul.com:3000 --send-proxy "http://localhost:8090" +``` + +## ZAP Integration + +The process begins with endpoint discovery using noir, which scans the application source code in the specified directory (~/app_source), generates an OpenAPI specification (doc.json), and saves it in JSON format. + +Next, the doc.json file is used in an automated ZAP scan. The zap.sh script, with the `-openapifile` option, loads the generated endpoints and uses `-openapitargeturl` to specify the target URL for testing. The `-cmd` and `-autorun` options allow for automated execution of ZAP commands based on zap.yaml, along with any additional configuration parameters. This setup enables comprehensive vulnerability assessment across discovered endpoints in the target application. + +```bash +# Discovering endpoints +noir -b ~/app_source -f oas3 --no-log -o doc.json + +# Automation scan with endpoints +./zap.sh -openapifile ./doc.json \ + -openapitargeturl \ + -cmd -autorun zap.yaml +``` + +For further details on integrating Noir and ZAP for enhanced DAST capabilities, refer to the [Powering Up DAST with ZAP and Noir](https://www.zaproxy.org/blog/2024-11-11-powering-up-dast-with-zap-and-noir/) ZAP blog post. \ No newline at end of file diff --git a/docs/_advanced/tips/pipeline.md b/docs/_advanced/tips/pipeline.md deleted file mode 100644 index ec993243..00000000 --- a/docs/_advanced/tips/pipeline.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Pipeline -parent: Tips -has_children: false -nav_order: 3 -layout: page ---- - -Coming Soon! \ No newline at end of file