dast-zap

Description

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.

Tool Access

Full access

Inherits all available tools

Supporting Files

9 files

Additional assets for this skill

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

assets/github_action.yml

assets/gitlab_ci.yml

assets/zap_automation.yaml

assets/zap_context.xml

references/EXAMPLE.md

references/api_testing_guide.md

references/authentication_guide.md

references/false_positive_handling.md

references/owasp_mapping.md

Links

GitHub Stats

0 forks

Updated 22 days ago

Related Skills

bash-defensive-patterns

22.8K

Master defensive Bash programming techniques for production-grade scripts. Use when writing robust shell scripts, CI/CD pipelines, or system utilities requiring fault tolerance and safety.

From shell-scripting

bats-testing-patterns

22.8K

Master Bash Automated Testing System (Bats) for comprehensive shell script testing. Use when writing tests for shell scripts, CI/CD pipelines, or requiring test-driven development of shell utilities.

From shell-scripting

shellcheck-configuration

22.8K

Master ShellCheck static analysis configuration and usage for shell script quality. Use when setting up linting infrastructure, fixing code issues, or ensuring script portability.

From shell-scripting