zap-hud
Document HUD security model and features
Clearly explain the HUD security model and how it protects against specific threats.
Just added https://github.com/zaproxy/zap-hud/wiki/Security @dscrobonia @thc202 @kingthorin is that enough to close this issue?
Looks good to me, just two quick things:
Note that if you are using ZAP with potentially malicious web sites then you should not allow ZAP to be accessed by arbitrary IP addresses or disable any of the ZAP API security features.
Should probably link to the relevant FAQ(s) or help content.
For even more security you might want to run ZAP in a container like Docker.
Have you tried using HUD from within docker? I have no idea what that would look like or if it's practical.
Have updated to state the default settings are safe but can be updated via the API Options Screen (which is linked to). Will try the HUD via docker asap - I really want that to work well ;)
Added https://github.com/zaproxy/zap-hud/wiki/Using-the-HUD-with-ZAP-in-Docker and linked to it :D
LGTM!
Way behind the ball here. Looks great!