#17 Added ZAP examples for full scans attacking the demo-targets

Author: rfelber

scanners/zap/examples/demo-bodgeit-full-scan/findings.yaml

@@ -0,0 +1,19 @@
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "zap-full-scan-bodgeit"
+  labels:
+    organization: "OWASP"
+spec:
+  scanType: "zap-full-scan"
+  parameters:
+    # target URL including the protocol
+    - "-t"
+    - "http://bodgeit.demo-apps.svc:8080"
+    # include the alpha active and passive scan rules as well
+    - "-a"                
+    # show debug messages
+    - "-d"
+    # the number of minutes to spider for (default 1)
+    - "-m"
+    - "3"

scanners/zap/examples/demo-bodgeit-full-scan/scan.yaml

@@ -0,0 +1,22 @@
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "zap-full-scan-juiceshop"
+  labels:
+    organization: "OWASP"
+spec:
+  scanType: "zap-full-scan"
+  parameters:
+    # target URL including the protocol
+    - "-t"
+    - "http://juice-shop.demo-apps.svc:3000"
+    # include the alpha active and passive scan rules as well
+    - "-a"                
+    # show debug messages
+    - "-d"
+    # use the Ajax spider in addition to the traditional one
+    - "-j"                
+    # the number of minutes to spider for (default 1)
+    - "-m"
+    - "3"
+        

scanners/zap/examples/demo-bodgeit-full-scan/zap-results.json

@@ -0,0 +1,20 @@
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "zap-api-petstore"
+  labels:
+    organization: "OWASP"
+spec:
+  scanType: "zap-baseline"
+  parameters:
+    # target URL including the protocol
+    - "-t"
+    - "http://swagger-petstore.demo-apps.svc"
+    # show debug messages
+    - "-d"
+    # use the Ajax spider in addition to the traditional one
+    - "-j"                
+    # the number of minutes to spider for (default 1)
+    - "-m"
+    - "3"
+