How to run OWASP ZAP in a sequential order and is it possible to do parametrization in OWASP ZAP - owasp

I am using OWASP ZAP and I have 2 URLs, namely A and B, and these URLs should be passed like A,B as the first request and A,B as the second request. If this order goes wrong I get a privilege error, which ultimately fails my test as OWASP ZAP won't be able to deliver results properly.
Could someone help me on how to execute it sequentially?
I referred to https://zapmultistep.wordpress.com/ but unfortunately it doesn't help. Could anyone help me understand in detail?
Is it possible to do parametrization in OWASP ZAP? If so, could you please explain in detail?
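The question has no answer on the page, so the following is an added example rather than anything from the post or from the ZAP project. ZAP itself can record ordered traffic as a Sequence script, but the most predictable way to guarantee "A before B" and to parametrize the pair is to drive the requests from your own client and route them through ZAP's proxy: ZAP then sees the requests in exactly that order and keeps them in its Sites tree for later passive or active scanning. The target URLs, the CSV rows, the login form fields and the proxy address (ZAP's default, 127.0.0.1:8080) are all assumptions; substitute your real A and B. Stdlib only, so it runs offline against a fake sender in the self-check.

```python
"""Ordered, parametrized replay of an A,B request pair through OWASP ZAP.

Added example, not part of the original post. Assumptions: ZAP listens on
ZAP_PROXY, step A is a login POST that sets a session cookie and step B is a
GET that needs that cookie; the CSV rows are constructed sample data.
"""
import csv
import http.cookiejar
import io
import urllib.error
import urllib.parse
import urllib.request

ZAP_PROXY = "http://127.0.0.1:8080"      # assumption: ZAP's default local proxy
PRIVILEGE_ERRORS = {401, 403}             # the "privilege error" the post describes

# Constructed sample data: each row is one parametrization of the A,B pair.
SAMPLE_CSV = """user,doc_id
alice,1001
bob,1002
"""


def load_params(text):
    """Parse a CSV of per-iteration values (the parametrization the post asks about)."""
    return list(csv.DictReader(io.StringIO(text)))


def build_sequence(base, row):
    """Return the ordered request list for one data row.

    The order is fixed in code: A (which establishes the privilege state)
    always precedes B. Paths and fields are hypothetical placeholders.
    """
    return [
        ("A", "POST", f"{base}/login", {"user": row["user"]}),
        ("B", "GET", f"{base}/documents/{row['doc_id']}", None),
    ]


def make_zap_sender(proxy=ZAP_PROXY):
    """Return send(method, url, data) -> (status, body) that routes every request
    through ZAP and keeps cookies between calls, so the session created by A
    is presented by B. For HTTPS targets you must also trust ZAP's root CA."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}),
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()),
    )

    def send(method, url, data):
        body = urllib.parse.urlencode(data).encode() if data else None
        req = urllib.request.Request(url, data=body, method=method)
        try:
            with opener.open(req, timeout=30) as resp:
                return resp.status, resp.read().decode(errors="replace")
        except urllib.error.HTTPError as e:          # 4xx/5xx still carry a body
            return e.code, e.read().decode(errors="replace")

    return send


def run_sequence(steps, send):
    """Execute steps strictly in order and return [(name, status), ...].

    Raises at the first 401/403 so an ordering or session mistake fails the
    run loudly instead of letting ZAP scan an unauthenticated surface.
    """
    results = []
    for name, method, url, data in steps:
        status, _body = send(method, url, data)
        results.append((name, status))
        if status in PRIVILEGE_ERRORS:
            raise RuntimeError(f"step {name} ({method} {url}) returned {status}; "
                               "check that the preceding steps ran first")
    return results


def run_all(base, params_csv, send):
    """Run the A,B pair once per data row, rows in file order."""
    return [run_sequence(build_sequence(base, row), send)
            for row in load_params(params_csv)]


if __name__ == "__main__":
    # Assumes ZAP is running on ZAP_PROXY and the target is reachable.
    print(run_all("http://target.example", SAMPLE_CSV, make_zap_sender()))
```

Once the replay has populated ZAP's Sites tree in the right order, start the active scan from the ZAP UI or API against that tree; if the scanner later re-sends B on its own without a valid session you will see the same privilege errors, which is the point at which ZAP's session management or authentication configuration (rather than request ordering) needs attention.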


How to use Google Action Builder with my own server

I want to develop an action for Google Assistant. So I read the documentation here https://developers.google.com/assistant/conversational/overview and I followed this tutorial https://www.youtube.com/watch?v=Z1hxvniJ18s
It worked and I was able to develop and test my app in the simulator. The problem is that when it comes to the webhook I don't totally understand how it works. On the webhook icon I got this
The second one allows me to use Google Cloud Functions and Firebase, but I had to add my billing account to make it available. I also get a console where I can code my functions and my responses.
And if I am correct, the first one allows me to connect to my own API. But I can only enter one field, which is the URL address, and nothing else, so how do I code it? Also I see everywhere people using Node.js and I would like to use PHP; is it possible?
To sum up my problem, I would like to know how I could connect my Action Builder to another service (API) than Google's ones. Is it possible to run my server in PHP, and how do I interact with my Google action? (I think it's by sending JSON back and forth, but I'm not sure how to do it.) Finally, I would like to know if it's possible to test it on a local server with MAMP and phpMyAdmin, for example, to test the answer of the server.
I would be very grateful if someone could help me and show me how to set up all this.
But I can only enter one field, which is the URL address, and nothing else, so how do I code it?
When you develop your webhook, you will need to have a single publicly accessible endpoint to connect with. This endpoint will receive an HTTP POST request and you will need to respond with an appropriate response.
Also I see everywhere people using Node.js and I would like to use PHP; is it possible?
Any language that can run on a web server can work. Node.js is one that is used a lot, but PHP can work just as well. You can create an actions.php file and then enter an endpoint address https://example.com/actions.php that will be called. You may need to refer to the Request and Response reference for the expected format.
Is it possible to test it on a local server with MAMP and phpMyAdmin, for example, to test the answer of the server?
It's somewhat possible. You'll need to have some method of sending mock requests to your local server, which might be as easy as using cURL or other tools like Postman.
Unfortunately my personal experience with PHP tools is limited, so I can't necessarily walk through the specifics. But it does seem like you know these tools a bit more and should be familiar enough to be able to get started.
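The answer describes the mechanism (one public endpoint, an HTTP POST in, JSON out) without showing it, so here is an added, stdlib-only example of such an endpoint; it is not the answerer's code and not Google's, and it is in Python rather than the PHP the asker wants, but the shape translates directly to an actions.php. The request and response field names (handler.name, intent.params.<name>.resolved, session.params, prompt.firstSimple) are what I believe the Conversational Actions webhook format uses; confirm them against the Request and Response reference the answer mentions. Because the console only lets you enter a URL, the example keeps a long random segment in the path as a stop-gap so that random internet traffic to the host cannot reach the handler; that secret path, the handler names and the order store are all hypothetical.

```python
"""Minimal webhook endpoint for an Actions Builder fulfillment.

Added example, not from the original answer. Field names follow the
Conversational Actions webhook JSON as I understand it (verify against the
reference). WEBHOOK_PATH and the handler names are assumptions.
"""
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical: generate a long random value and paste the full URL into the
# console's webhook field, e.g. https://example.com/actions/<secret>.
WEBHOOK_PATH = "/actions/replace-with-a-long-random-secret"
MAX_BODY = 64 * 1024                      # refuse absurd payloads early


def handle_request(body):
    """Turn one webhook request dict into a response dict.

    Dispatches on handler.name (the name you assign in the console), carries
    session.params back so conversation state survives the round trip, and
    bounds anything derived from user input before speaking it.
    """
    handler = body.get("handler", {}).get("name", "")
    session = body.get("session", {})
    params = dict(session.get("params", {}))
    intent_params = body.get("intent", {}).get("params", {})

    if handler == "greet":
        speech = "Hello from my own server."
    elif handler == "lookup_order":
        order = str(intent_params.get("order_id", {}).get("resolved", ""))[:32]
        params["last_order"] = order
        speech = f"Looking up order {order}." if order else "Which order?"
    else:
        speech = "Sorry, I do not know how to handle that."

    return {
        "session": {"id": session.get("id", ""), "params": params},
        "prompt": {"firstSimple": {"speech": speech, "text": speech}},
    }


class Webhook(BaseHTTPRequestHandler):
    def do_POST(self):
        # Constant-time compare so path guessing does not leak prefix matches.
        if not hmac.compare_digest(self.path, WEBHOOK_PATH):
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", "0"))
        if length > MAX_BODY:
            self.send_error(413)
            return
        try:
            body = json.loads(self.rfile.read(length))
        except ValueError:
            self.send_error(400)
            return
        out = json.dumps(handle_request(body)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)


if __name__ == "__main__":
    # Local testing as the answer suggests: post a constructed request with cURL:
    #   curl -s -X POST http://127.0.0.1:8080/actions/replace-with-a-long-random-secret \
    #        -H 'Content-Type: application/json' \
    #        -d '{"handler":{"name":"greet"},"session":{"id":"s1","params":{}}}'
    HTTPServer(("127.0.0.1", 8080), Webhook).serve_forever()
```

Locally the server speaks plain HTTP; the real console requires an HTTPS URL, so put it behind a TLS-terminating reverse proxy or tunnel before entering the address, and treat the path secret as a bridge until you verify the signed token Google attaches to its requests.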

ZAP proxy URL for remediation?

Running OWASP ZAP proxy, I get output like:
WARN-NEW: Cookie Without Secure Flag [10011]
Is there a DB or wiki of remediation approaches that take the issue ID? I'm looking for a way to humanize the results, with a message like "See http://how_to?issue=10011"
Thanks for any help,
Kevin
I'm guessing that you are using one of the packaged ZAP scans, e.g. the baseline?
If so, rerun your scan using one of the reporting options, e.g. '-r report_html'; this will give you a lot more information.
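Beyond the HTML report the answer recommends, the bracketed number in each line is ZAP's alert (scan rule) id, and that id is enough to build the "See ..." link the question asks for. The following is an added example, not the answerer's or ZAP's own code: it parses the baseline scan's text output into findings and attaches a per-id link. The link template assumes ZAP's per-alert documentation pages at https://www.zaproxy.org/docs/alerts/<id>/ (the scheme in use at the time of writing; change the template if your team keeps its own wiki). The sample output lines are constructed to match the baseline format, not copied from a real scan.

```python
"""Humanize zap-baseline.py output: one finding per alert id plus a doc link.

Added example, not from the original answer. DOC_URL is an assumption about
where ZAP publishes per-alert pages; SAMPLE_OUTPUT is constructed.
"""
import re

DOC_URL = "https://www.zaproxy.org/docs/alerts/{id}/"   # assumption, see lead-in
FAILING = ("WARN-NEW", "WARN-INPROG", "FAIL-NEW", "FAIL-INPROG")

# Baseline summary lines look like "WARN-NEW: <rule name> [<id>] x <count>";
# the per-URL detail lines that follow are tab-indented.
LINE_RE = re.compile(
    r"^(PASS|IGNORE|INFO|WARN-NEW|WARN-INPROG|FAIL-NEW|FAIL-INPROG): "
    r"(.+?) \[(\d+)\](?: x (\d+))?")

SAMPLE_OUTPUT = (
    "PASS: Vulnerable JS Library [10003]\n"
    "WARN-NEW: Cookie Without Secure Flag [10011] x 3\n"
    "\thttps://app.example/login (200 OK)\n"
    "\thttps://app.example/ (200 OK)\n"
    "FAIL-NEW: Cross Site Scripting (Reflected) [40012] x 1\n"
    "\thttps://app.example/search?q=x (200 OK)\n"
    "FAIL-NEW: 1\tFAIL-INPROG: 0\tWARN-NEW: 1\tWARN-INPROG: 0\tINFO: 0\tIGNORE: 0\tPASS: 1\n"
)


def parse_baseline(text, url_template=DOC_URL):
    """Return a list of finding dicts in output order.

    Detail URLs are attached to the most recent finding; the final totals
    line has no [id] and is therefore skipped.
    """
    findings, current = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            status, name, alert_id, count = m.groups()
            current = {"status": status, "name": name, "id": int(alert_id),
                       "count": int(count) if count else 0, "urls": [],
                       "see": url_template.format(id=alert_id)}
            findings.append(current)
        elif line.startswith("\t") and current is not None:
            current["urls"].append(line.strip().split(" ")[0])
    return findings


def humanize(findings, statuses=FAILING):
    """One readable line per non-passing finding, with the remediation link."""
    return [f"{f['status']}: {f['name']} (x{f['count']}) - see {f['see']}"
            for f in findings if f["status"] in statuses]


if __name__ == "__main__":
    # Typical use: zap-baseline.py -t https://app.example | python3 thisfile.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    print("\n".join(humanize(parse_baseline(text))))
```

Keep the full report from '-r report_html' alongside this summary: the report carries the evidence (request and response) for each instance, which the one-line summary and the generic per-id page cannot.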

How to test load on a set of different APIs

I am doing load testing in SoapUI and working on a cab booking application, so the set of APIs looks like this, for example:
userSingin, GetlocationDetails, bookCab, getDriverDetails, acceptRide and completeRide, and so on.
It will become a loop (on completing one ride successfully), so this scenario may happen like 1000 or 10000 times.
The question is how to interlink the APIs into a single entity and perform a load test using SoapUI, JMeter or any load testing tool, or by coding. Please help me sort out the problem with a simple demo.
SoapUI has some load testing capabilities, so given you have a functional test ready you can run it with increased load.
If SoapUI's load testing is not enough (i.e. you cannot create the desired load, or you find the results not verbose/informative enough) you can build the same test plan using JMeter's HTTP Request samplers. If you need to send custom Content-Type and SOAPAction headers, it can be done via the HTTP Header Manager. See the Building a SOAP WebService Test Plan article for more details.
Last but not least, you can execute an existing SoapUI project using JMeter via the Taurus tool; see SoapUI Support for more details on the specific feature and Navigating your First Steps Using Taurus to get familiarized with the tool and its concept.
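The asker also offered to do this "by coding", and the hard part in any tool is the same: each call must feed the next (the token from userSingin, the ride id from bookCab), and the whole ride must then be repeated by many virtual users while per-step latencies are collected. The following is an added example in plain Python that shows that wiring; it is not the answerer's code, not a SoapUI or JMeter artefact, and it replaces the real HTTP calls with a constructed in-memory backend so it runs offline. The step names come from the post; the request fields, response fields and the token rule are assumptions standing in for the real API.

```python
"""Chained API scenario under concurrent load, with per-step p95 latencies.

Added example, not from the original answer. The step payloads and response
fields are hypothetical; fake_backend is a constructed stand-in for HTTP calls.
"""
import time
from concurrent.futures import ThreadPoolExecutor

# (step name, build request from ctx, extract what later steps need into ctx)
STEPS = [
    ("userSingin", lambda c: {"user": "u1", "pwd": "***"},
     lambda r, c: c.update(token=r["token"])),
    ("GetlocationDetails", lambda c: {"token": c["token"]},
     lambda r, c: c.update(loc=r["location"])),
    ("bookCab", lambda c: {"token": c["token"], "from": c["loc"]},
     lambda r, c: c.update(ride=r["rideId"])),
    ("getDriverDetails", lambda c: {"token": c["token"], "ride": c["ride"]},
     lambda r, c: c.update(driver=r["driverId"])),
    ("acceptRide", lambda c: {"token": c["token"], "ride": c["ride"], "driver": c["driver"]},
     lambda r, c: None),
    ("completeRide", lambda c: {"token": c["token"], "ride": c["ride"]},
     lambda r, c: c.update(done=r["status"] == "completed")),
]


def fake_backend(name, payload):
    """Constructed stand-in for the service: every call after sign-in must
    carry the token, which is exactly the dependency a chained test exercises."""
    if name != "userSingin" and payload.get("token") != "tok-1":
        raise RuntimeError(f"{name}: missing or invalid token")
    return {"userSingin": {"token": "tok-1"},
            "GetlocationDetails": {"location": "A1"},
            "bookCab": {"rideId": 7},
            "getDriverDetails": {"driverId": 3},
            "acceptRide": {},
            "completeRide": {"status": "completed"}}[name]


def run_ride(call):
    """One complete ride; ctx is the correlation state passed between steps.
    Returns {step: seconds}. Any failed step aborts the ride with an exception."""
    ctx, timings = {}, {}
    for name, build, extract in STEPS:
        t0 = time.perf_counter()
        resp = call(name, build(ctx))
        timings[name] = time.perf_counter() - t0
        extract(resp, ctx)
    return timings


def p95(samples):
    if not samples:
        return None
    s = sorted(samples)
    return s[min(len(s) - 1, int(round(0.95 * (len(s) - 1))))]


def load_test(call, rides, users):
    """Spread `rides` over `users` concurrent loops and summarise the results."""
    def user(n):
        out, errs = [], 0
        for _ in range(n):
            try:
                out.append(run_ride(call))
            except Exception:           # a broken chain counts as a failed ride
                errs += 1
        return out, errs

    share = [rides // users + (1 if i < rides % users else 0) for i in range(users)]
    per_step = {name: [] for name, _, _ in STEPS}
    errors = 0
    with ThreadPoolExecutor(max_workers=users) as pool:
        for out, errs in pool.map(user, share):
            errors += errs
            for t in out:
                for step, secs in t.items():
                    per_step[step].append(secs)
    return {"rides": rides, "errors": errors,
            "p95_ms": {k: (None if p95(v) is None else p95(v) * 1000) for k, v in per_step.items()}}


if __name__ == "__main__":
    print(load_test(fake_backend, rides=1000, users=20))
```

Replace fake_backend with a function that performs the real request for each step name (and stops on a non-2xx status) and the rest of the harness stays the same; the error count is what tells you whether the system or the test itself broke under load.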

Flask REST API crashes after frequent requests; how to find out what causes that?

I built a REST API service using the Flask framework to provide a password query and update utility. The service crashes without notice, so I wrote a shell script to monitor it and make sure it crashes now and then. However, I cannot figure out what is going wrong. Debug mode just prints request info, but does not print out crash info.
I suggest using a try-catch, and logging will help you. Still, if you can share your code I may be able to help further.
If you want to know how to do logging, refer to this: How to maintain logs in Falcon
Please provide more details if possible.
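The answer's advice (try/except plus logging) covers one kind of crash but not the other, so here is an added example, not the answerer's code, that handles both and is written framework-free so it runs stand-alone: a decorator that wraps any request handler, logs the full traceback to a rotating file and returns a generic error to the client, plus faulthandler, which writes a traceback on a segfault or fatal signal that no Python except clause will ever see (a common cause of a service "crashing without notice" when a C extension is involved). For a password service the generic client response matters as much as the logging: exception text can carry file paths, SQL or secrets. The handler, the user store and the log path are constructed for the demo; with Flask you would apply the same decorator to your view functions and call setup_logging() once at start-up.

```python
"""Make handler exceptions and interpreter-level crashes visible.

Added example, not from the original answer. The password store, the handler
and demo() are constructed; apply `guarded` to real Flask views in the same way.
"""
import faulthandler
import functools
import logging
import logging.handlers
import os
import tempfile
import uuid


def setup_logging(path):
    """Rotating file log for the app plus faulthandler for hard crashes."""
    logger = logging.getLogger("passwd-api")
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    h = logging.handlers.RotatingFileHandler(path, maxBytes=5_000_000, backupCount=5)
    h.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addHandler(h)
    # faulthandler needs a file object that stays open for the process lifetime;
    # it dumps all thread stacks on SIGSEGV/SIGFPE/SIGABRT/SIGBUS/SIGILL.
    faulthandler.enable(file=open(path + ".fault", "a"), all_threads=True)
    return logger


def guarded(logger):
    """Decorator for request handlers: log the traceback server-side, return a
    generic error and a correlation ref to the client. The ref lets you find
    the log entry without ever exposing exception text to callers."""
    def deco(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            try:
                return fn(*args, **kwargs)
            except Exception:
                ref = uuid.uuid4().hex[:12]
                logger.exception("unhandled error ref=%s in %s", ref, fn.__name__)
                return {"error": "internal error", "ref": ref}, 500
        return wrapper
    return deco


def demo(log_path=None):
    """Exercise the guard with a deliberate bug; return what the client saw
    for a good and a bad request, and what the log recorded."""
    if log_path is None:
        log_path = os.path.join(tempfile.mkdtemp(), "api.log")
    logger = setup_logging(log_path)
    users = {"alice": "hunter2-hash"}          # constructed sample store

    @guarded(logger)
    def get_password(user):
        # In Flask this would be a view: @app.route("/password/<user>")
        # The KeyError for an unknown user stands in for the crashing bug.
        return {"user": user, "hash": users[user]}, 200

    ok = get_password("alice")
    bad = get_password("mallory")
    with open(log_path) as f:
        log_text = f.read()
    return ok, bad, log_text


if __name__ == "__main__":
    ok, bad, log_text = demo()
    print(ok, bad, sep="\n")
    print(log_text)
```

If neither file shows anything when the process dies, the crash is happening outside the interpreter (the OOM killer, a supervisor restart, a reverse proxy timeout); check the system log and your process manager's exit status next, and run the service under a WSGI server rather than the Flask debug server, whose reloader and debugger are not meant for a password-handling service exposed to real traffic.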

QuickFix acceptance test

Could someone please explain what exactly an acceptance test for QuickFix has to do (test for)?
Right now I have done several tests that test the latency and throughput of messages, but I have no idea what the acceptance test for QuickFix should test.
I have searched over the net for this but I didn't manage to find the answer to the question. So if someone knows what I have to test for, or has done such a test, please write it here so I and others like me can see it. Thanks for all the help in advance.
By 'acceptance test' I'm assuming you are referring to some kind of conformance test? If so, then it depends on the business scenario that you are trying to test and how the FIX connection supports that. For example, your FIX connection might be a pricing feed, in which case conformance testing might cover:
FIX session level tests (i.e. checking both sides are conforming to the FIX protocol)
Testing subscription to symbols and that prices are being received
However, if your FIX session was an order feed then tests would include order-related scenarios, e.g. testing that you can submit orders and receive order updates (fills, rejections and cancellations etc.), and testing the behaviour of orders if you get disconnected (i.e. do your GTC orders get pulled if you lose the connection to the exchange, etc.).
An STP conformance test would hopefully result in answers to questions like:
How do I guarantee that I have received all the deals?
How can I replay deals that might have been done whilst I've been disconnected?
How do I uniquely identify a trade? (i.e. which FIX tags or combination of tags do I need)
Whether you are conformance testing an STP, pricing or orders FIX session, you will always want to do the basic FIX session level tests.
Does this help?
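The answer's "basic FIX session level tests" are the one part of a conformance suite that is the same for every business scenario, so here is an added example of what such a check does on the wire; it is not the answerer's code and not QuickFIX (which performs these checks internally in production), but an independent checker of the kind a conformance harness runs over captured or replayed messages. It builds well-formed FIX 4.4 messages from constructed field lists, validates framing (BeginString first, BodyLength second, CheckSum last and correct, both recomputed from the raw bytes rather than trusted), and walks the MsgSeqNum (tag 34) stream to flag the gap that should provoke a Resend Request and the backwards sequence number that, without PossDupFlag (43=Y), is a violation that should end the session. The message contents (comp ids, timestamps) are constructed samples.

```python
"""Session-level FIX checks: framing, checksum and sequence-number continuity.

Added example, not QuickFIX code. Messages are constructed FIX 4.4 samples.
"""
SOH = "\x01"


def build(fields):
    """Assemble a FIX 4.4 message from (tag, value) pairs that sit between the
    header tags 8/9 and the trailer tag 10. BodyLength (9) counts the bytes
    after the SOH ending tag 9 up to and including the SOH before tag 10;
    CheckSum (10) is the byte sum of everything before tag 10, modulo 256."""
    body = "".join(f"{tag}={value}{SOH}" for tag, value in fields)
    msg = f"8=FIX.4.4{SOH}9={len(body.encode())}{SOH}{body}"
    return f"{msg}10={sum(msg.encode()) % 256:03d}{SOH}"


def parse(raw):
    """Return the ordered (tag, value) list; accepts '|' as a readable SOH."""
    raw = raw.replace("|", SOH)
    return [(int(tag), value) for tag, _, value in
            (field.partition("=") for field in raw.split(SOH) if field)]


def validate(raw):
    """Framing checks for one message. Returns a list of problems (empty = ok)."""
    raw = raw.replace("|", SOH)
    fields = parse(raw)
    problems = []
    if not fields or fields[0][0] != 8:
        problems.append("tag 8 not first")
    if len(fields) < 2 or fields[1][0] != 9:
        problems.append("tag 9 not second")
    if not fields or fields[-1][0] != 10:
        problems.append("tag 10 not last")
    if problems:
        return problems
    body_start = raw.index(SOH, raw.index(SOH) + 1) + 1     # after "9=...SOH"
    trailer = raw.rfind(SOH + "10=") + 1                      # start of "10="
    if int(fields[1][1]) != len(raw[body_start:trailer].encode()):
        problems.append("BodyLength mismatch")
    if fields[-1][1] != f"{sum(raw[:trailer].encode()) % 256:03d}":
        problems.append("CheckSum mismatch")
    return problems


def seq_gaps(messages, expected_first=1):
    """Walk inbound messages in arrival order and report MsgSeqNum anomalies.
    A gap means a Resend Request (35=2) is due; a lower number without
    PossDupFlag (43=Y) is a protocol violation that should trigger a Logout."""
    expected = expected_first
    issues = []
    for i, raw in enumerate(messages):
        f = dict(parse(raw))
        seq = int(f[34])
        if seq > expected:
            issues.append((i, f"gap: expected {expected}, got {seq}"))
        elif seq < expected and f.get(43) != "Y":
            issues.append((i, f"seq too low: expected {expected}, got {seq}"))
        expected = max(expected, seq + 1)
    return issues


# Constructed sample session: Logon, Heartbeat, then a Heartbeat that skips seq 3.
SAMPLE = [
    build([(35, "A"), (49, "CLIENT"), (56, "BROKER"), (34, 1),
           (52, "20240101-00:00:00"), (98, 0), (108, 30)]),
    build([(35, "0"), (49, "CLIENT"), (56, "BROKER"), (34, 2),
           (52, "20240101-00:00:30")]),
    build([(35, "0"), (49, "CLIENT"), (56, "BROKER"), (34, 4),
           (52, "20240101-00:01:00")]),
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(m.replace(SOH, "|"), validate(m))
    print(seq_gaps(SAMPLE))
```

Run the same two checks over a capture of the counterparty's traffic during the conformance session: a message that fails validate() is a framing bug on their side or yours, and a non-empty seq_gaps() during a clean session (no disconnect) means one side is not maintaining its sequence store, which is exactly what the disconnect and replay scenarios in the answer go on to exercise.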