I have recorded a flow and created/Exported a Sites and Context using OWASP ZAP Tool.
Now I need to run ZAP SPIDER on the records Sites with Context through NodeJS
I have done npm install zaproxy
now I need to know how can I access/Import the recorded Context and Sites in my code and execute Spider and generate Reports on it.
Thanks in Advance
I cover using the ZAP API in this vid: https://www.youtube.com/watch?v=3vVnMh6AUkk&list=PLEBitBW-Hlsv8cEIUntAO8st2UGhmrjUB&index=14
Do you have to use the NodeJS client? Thats not really maintained by the ZAP core team and is currently out of date.
Related
I currently try to automate the process of creating a new Bamboo linked repository and start the scan. I've already looked over the documentation of the REST API, tried to generate a new plan and enabling a scan, but that didn't work.
I also tried the Java Maven Package from Atlassian, but that needs user credentials as an authentication method, whilst I need to authenticate via a Security token. There is a link to an API in that Maven Package, which I tried to send a request to with the yaml code, but it always responds with the status code 500 and a Java Stacktrace. It's probably due to a wrong request body, but I can't figure out, how to include the yaml content the same way, as the maven package.
Is there a way to create a linked repository via the REST API?
Thanks in advance!
Is there a way to create a linked repository via the REST API?
No and there won't ever be one because they're deprecating the Bamboo server in favour of their cloud-based alternative (which is based on a totally different API). See https://jira.atlassian.com/browse/BAM-18453
Java Maven Package from Atlassian
What package is that? Based on what I said earlier the only way for you to programmatically create a linked repo is to mimic the browser POST request to updateLinkedRepository.action. That means that you'll need to login first to get a JSESSIONID cookie (xsrf token can be disabled, see https://confluence.atlassian.com/bamkb/rest-api-calls-fail-due-to-missing-xsrf-token-899447048.html#RESTAPIcallsfailduetoMissingXSRFToken-Workaround). Ping me if you need help, I still have ansible code for the login part.
I have my code in Git repository. I am using UDeploy to deploy my code into MarkLogic environment. I can able to move all my modules successfully but facing two problems
1. Creating New indexes
2. REST endpoint creation
Please let me know if there is anyway to implement these two
For creating indexes, I have tried to do it using API functions(admin:database-range-element-index()) and I have successful in that part. But is there any way to do it from UDeploy or DevOps.
For register REST endpoint I couldn't able to find anyway to try.
Have you looked at MarkLogic's REST Management APIs - https://docs.marklogic.com/REST/management. In particular, see if https://docs.marklogic.com/REST/POST/manage/v2/databases will help you create indexes via REST management APIs.
The most common way to deploy MarkLogic code & configuration is ml-gradle, a plugin to the widely used gradle tool. ml-gradle uses MarkLogic's Management API, mentioned by Ganesh, and is scriptable.
I want to create/update the websites/cloud services in Azure in C#. My objective is to deploy the website/cloud service in Azure without any user intervention.
Can anyone please help me to resolve below queries?
Can we manage Azure websites/cloud services using C# code? If yes then how (any library/api/nuget package)?
If it is not possible in C#, then what are other options to achieve this? I read WebDeploy(MsDeploy), powershell can do this work but I am not sure which one is best in this scenario and how to use them.
This completely depends on your scenario. If you have got a system to run your powershell script from, this might be a good option (https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/) You could also use the cross platform command line tools to script your deployment / web app creation. There are different other options, especially for continous deployment to a web app. You can for example connect your github repo to an existing web app and deploy from that repository.
The C# library you were looking for should be this one:
https://github.com/Azure/azure-sdk-for-net/tree/master/src/ResourceManagement/WebSite
What is currently the "best" way to develop a back-end system in Azure Mobile Services?
Specifically, what tools are available? From what I've seen, most examples just go to the Management portal and manually add a few lines into the script window. This is worse than using just Notepad, and doesn't have any concept of version control...
Is there any way to make a project in VS 2012 that contains all the Node.js code that will run in the Azure Mobile service? Is there a way of fully running that code on a local development environment that mimics the Mobile Services?
I need to have server-side code with much more complexity than is shown in most of the Mobile Services samples or documentation that I've been able to find.
I have a web site, and a Win 8 Store App that need to authenticate against, and access relatively complex data structures from a back-end database. The solution being pushed right now all seem to include Mobile Services at the center of it, using simple REST against raw tables, but all the examples are too simple to be useful.
Can someone point me to a "real-life" sample of using Mobile Services, and a "mature" way of developing and testing such a system using the tools in Visual Studio?
Thanks.
Why you have no other option than the Management portal is really beyond me. It seems very awkward for a C#/.NET developer to go back to Notepad style programming with console.log() debugging.
What I would love to see is some Node.js entry points that you could connect to a regular C# assembly which could fulfill the request (as in ASP.NET MVC or Web API) having the full .NET Framework at your disposal.
What I could see as a possible architecture is to have:
ASP.NET MVC hosted on Azure
--- writes processed data with logic to --->
Azure SQL DB <--- reads from --- Azure Mobile Services ---- bridge to ---> Mobile devices
Or
Cloud Worker Role on Azure ---- crunching/processing ----> Azure SQL DB <---- reading/writing raw data ---- Azure Mobile Services ---- bridge to ---> Mobile devices
You can use the Mobile Services facility for mobile devices facilities, scheduling and push notifications with limited code and do most of the coding in a managed .NET environment.
The AMS (Azure Mobile Services) along with Azure has advanced dramatically since this post was written and the replied answers.
Some of this stuff still holds true. If you have a ton of node.js written not in the Azure cloud portal, you will want to copy and paste to the portal online, custom api calls section and even perhaps sql backend tables for CRUD operations.
The hope for C# developers is that it is NOW in preview mode in which YOU CAN skip node.js and build everything without node.js very shortly... Some bugs to work out, but in 6 months this will be fairly solid.
I had questions and issue and a guy named Carlos carlosfigueira was very helpful.
Azure Mobile Services - Getting more user information
Josh covers unit testing server-scripts here: http://www.thejoyofcode.com/Unit_testing_Mobile_Services_scripts_Day_7_.aspx
In this tutorial, he uses the Mocha testing framework for JS (id TDD mode) and walks through an example for testing an INSERT script that encrypts the value of a particular property (text) and a read script that decrypts it (value is encrypted at rest in SQL db).
You can also find aggregation of links and tutorials here.
I would suggest that you build this solution using Windows Azure Mobile solutions especially it supports the Node JS NPM right now, which means you can create the API you want on the Windows Azure using the Node JS NPM and can work with it using WAMS easily. have a look on the following link it will help you understand what I want to say more.
http://weblogs.asp.net/scottgu/archive/2013/06/14/windows-azure-major-updates-for-mobile-backend-development.aspx
For the Client I also suggest that you build it using SignalR which is designed for cases such yours where real time applications require a lot of transactions from the server side.
http://www.asp.net/signalr
you can also find more details about how you can integrate both of them in the following link: http://hhaggan.wordpress.com/2013/07/12/signalr-node-js/
I hope these help you, let me know if you need anything else.
For running locally, the mobile service has the same Kudu environment available in azure websites, so you can browse to https://your_service_name.scm.azure-mobile.net If you navigate to the Debug Console from the top nav, you can download everything running in the site/wwwroot folder.
You can run this nodejs project locally (On windows only if you require the SQL Server npm package). Your code is in App_Data/config/scripts. If you replace the downloaded content with your current local git working copy, you can develop and debug locally, and then push changes as usual.
Tools I use:
Eclipse with JS environment (or any nodejs IDE).
Git
Postman
Steps:
Enable source control to your azure mobile service.
Pull to your local and create a eclipse project with the source.
Make changes and push.
Test with POSTman
This procedure allows me to develop really fast and eclipse tell me the common JS errors. But it has obvious downside:
No debugging (I use console.log)
The project ended up with a lot of commits (its hard to use git for proper source control)
I just did a blog post on running Azure Mobile Services locally: http://www.mikelanzetta.com/2014/09/running-azure-mobile-services-locally/ - basically it interrogates the API and starts up express, and allows you to run mocha yourself locally. It's a bit cleaner than pulling down the full wwwroot from the scm link, and I found using my local runner as a git submodule made it easy to work with (and easy for me to use VSO for managing my tests).
Anyway, for actual development, I use the Git integration and WebStorm - it automatically figures out the tasks in my local Gruntfile and makes it easy to run and test. For once it's deployed, Postman is helpful.
I have some questions around the best mechanism to deploy MVC web applications to different environments. Previously I used setup projects (.msi's) but as these have been discontinued in VS2012 I am looking to move to an alternative.
Let me explain my current setup. I currently have a CI setup using TFSBuild 2010 with Team Foundation Server for source control.
A number of developers work on their local machines and check in to the TFS Server. We regularly deploy to a single server dev environment and a load balanced qa environment with 2 servers. Our current process includes installing an msi which carries out some of the following custom actions:
brings current app offline with the app_offline.htm file
run in database scripts (from database project in the solution)
modifies web.config (different for each web server of qa)
labels the code
warmup each deployed file via http request
etc
This is the current process. Now I would like to make some changes. Firstly, I need alternative to msi's. From som research I believe that web deploy via IIS and using MsDeploy is the best alternative. I can use web config transforms for web config modifications. Is this correct and if so, could I get an outline of what I need to do?
Secondly I want to set up continuous delivery via TFSBuild, I have no idea how this may be achieved, would it be possible to get an outline of how it can be integrated in to my current setup? Rather than check in driven, I would like it to be user driven following check in. Also, would it be possible for this to also run in database scripts from a database project in the solution.
Finally, there is also a production environment, but I would like to manually deploy this - can my process also produce an artifact that I can manually install?
Vishal Joshi has some information on his blog that is reasonably good, http://vishaljoshi.blogspot.com/2010/11/team-build-web-deployment-web-deploy-vs.html. It does have the downside that your deployment password is include in the properties you pass to msbuild.
Syed Hashimi has also posted some information on this in another questions Team Build: Publish locally using MSDeploy.