Question
I want to run security scans for a few REST APIs. These APIs use OAuth and are divided into two sets, each using a different grant type.
I want to run a security scan using the ZAP tool, and I am not able to automate the process of getting the OAuth token used by the requests.
I am using SoapUI to record the APIs in ZAP, which works very fine. But when the token expires, I have to re-record or edit the token manually after retrieving it using SoapUI or Postman.
A kind request to provide the steps in a little bit of detail.
Please let me know if more details are required.
Any help will be really appreciated.
Answer 1:
I was able to find the solution for this. Posting the solution here as well; please refer to the following URL:
https://groups.google.com/forum/#!searchin/zaproxy-users/Sam%7Csort:relevance/zaproxy-users/HJZ8gxk17M8/5WQuD7t3AAAJ
Source: https://stackoverflow.com/questions/37925008/automate-oauth-access-token-for-zed-attack-proxy-scans