bdd-security
bdd-security copied to clipboard
iriusrisk
connection exception
Hi can anybody help me with the below error.
when i run through gradlew i am facing the below errors.
1.
net.continuumsecurity.proxy.ProxyException
Caused by: org.zaproxy.clientapi.core.ClientApiException
Caused by: java.net.ConnectException
2.
at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCConnection.
The below is the cofig.xml is there anything wrong that i am doing over here, please confirm
<!-- The settings in this file are for the demo ropey-tasks vulnerable web app available at: https://github.com/stephendv/RopeyTasks,
which is included in the bdd-security framework for demo purposes. -->
<!-- The web driver to use, can be either Firefox, Chrome or HtmlUnit. Optionally specify path to the driver (required for linux)
Some drivers require a path to the platform specific driver binary, for example chrome needs chromedriver. If these values are not specified, we'll use HtmlUnit
<defaultDriver>firefox</defaultDriver>
<defaultDriver path="src/test/resources/drivers/chromedriver-mac">firefox</defaultDriver> -->
<!-- Base URL of the application to test -->
<baseUrl>myapplication URL/</baseUrl>
<!-- A Java class to hold the Selenium steps to test the application in depth. Optionally required for in-depth authn/z and session management testing. -->
<class>net.continuumsecurity.examples.ropeytasks.RopeyTasksApplication</class>
<sslyze>
<path>/opt/sslyze/sslyze_cli.py</path>
<option>--regular</option>
</sslyze>
<!-- Optional names of the session ID cookies for session management testing. -->
<sessionIds>
<name>JSESSIONID</name>
</sessionIds>
<!-- the default user to use when logging in to the app -->
<defaultUsername>username</defaultUsername>
<defaultPassword>password</defaultPassword>
<scanner>
<ignoreUrl>.*logout.*</ignoreUrl>
<spiderUrl>baseUrl</spiderUrl>
</scanner>
<!-- An upstream proxy through which all HTTP traffic must pass before hitting the target
application under test. The framework will configure both the WebDriver instance and ZAP to use this proxy. Note that non-HTTP traffic will not use this proxy. -->
<upstreamProxy>
<host></host>
<port></port>
</upstreamProxy>
<incorrectPassword>SDFsdfwjx1</incorrectPassword>
<incorrectUsername>bobbles</incorrectUsername>
<!-- Optional login credentials for the Nessus server, the server location is specified in the nessus_scan.story file -->
<nessus>
<username>continuum</username>
<password>continuum</password>
</nessus>
<!-- Optional location of a running OWASP ZAP instance. Either an external- already running ZAP instance must be specified here, or the zapPath must be specified to launch ZAP
<proxy>
<host></host>
<port></port>
<api></api>
</proxy>-->
<zapPath>zap/zap.bat</zapPath>
Try using proper ZAP sources in project, and killing any process using zap/tmp/session/*.lck
Cheers,
