owasp-zap-fileupload-addon
owasp-zap-fileupload-addon copied to clipboard
Add Attack Vector for ASP based applications
Is your feature request related to a problem? Please describe. Currently, the add-on supports the JSP, Html based Scan Rules, PHP so now we need to add the ASP-based scan rule. This Feature/Enhancement is for that.
Definition of Done Definition of Done for this scan rule is
- Adding various scan rules for ASP, ASP in images, etc.
- Adding a VulnerableApplication which supports the https://github.com/SasanLabs/VulnerableApp-facade so that we can do TDD type of implementation where Vulnerable applications are written first and then Scan rules are written over them.
Code reference Attack vector registration: https://github.com/SasanLabs/owasp-zap-fileupload-addon/blob/main/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java#L47
Other Attack vectors for references: https://github.com/SasanLabs/owasp-zap-fileupload-addon/tree/main/src/main/java/org/sasanlabs/fileupload/attacks/rce/php
Sample Vulnerable Applications for other attack vectors: https://github.com/SasanLabs/VulnerableApp-php
Testing code changes build the addon by running
- ./gradlew spotlessApply
- ./gradlew build Then go to the ZAP -> File -> Local addon file -> Navigate to project -> build -> bin -> fileupload*.zap and done.