site/content/docs/testapps/ginnjuiceshop.md
Lines changed: 7 additions & 1 deletion
@@ -13,6 +13,11 @@ Despite claiming to be a modern app is is actually relatively traditional (it is
* Online: https://ginandjuice.shop/
+
> [!WARNING]
+
> We are aware that a 3rd Party has published a blog post claiming that ZAP is not effective when scanning Gin & Juice Shop.
+
> We have pointed out the mistakes that they have made but to date they have not corrected their misinformation.
+
> Luckily as ZAP is Open Source you should be able to easily test this for yourself given the information below.
+
### Potential Pitfalls
This is an online app which may be unavailable or broken at any point.
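Review bot: The warning admonition added here (`> We are aware that a 3rd Party has published a blog post ...` through `> Luckily as ZAP is Open Source ...`) tells readers that a third party made mistakes without linking to either the blog post or the place where ZAP pointed those mistakes out, so nobody reading the docs can check the claim, and the block reads as a rebuttal rather than documentation. Suggest linking the response (issue, discussion or blog post) and keeping the wording neutral, for example `> A third-party blog post claims ZAP is not effective against Gin & Juice Shop; see [our response](LINK-TO-RESPONSE) and the steps below to reproduce the scan yourself.` Minor: "third party" and "open source" in lowercase. Also, the untouched context line quoted in the hunk header still reads `is is actually relatively traditional` (should be `it is actually`); worth fixing while editing this paragraph.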
@@ -103,7 +108,8 @@ For the AJAX Spider you need to exclude the logout link:
Gin & Juice Shop has a well documented set of [vulnerabilities](https://ginandjuice.shop/vulnerabilities).
-
Not too surprisingly you will need to configure the [activeScan](/docs/desktop/addons/automation-framework/job-ascan/) job, and you will probably want to generate a [report](/docs/desktop/addons/report-generation/automation/).
+
We have a simple example Automation Framework Plan for performing an authenticated scan:
Some of the Gin N Juice shop vulnerabilities can only be found using [OAST](/blog/2021-08-23-oast-with-owasp-zap/). You will need to configure ZAP to use OAST as it is disabled by default,
due to the fact that it will send data to 3rd party services.
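Review bot: The added sentence `We have a simple example Automation Framework Plan for performing an authenticated scan:` ends with a colon, but no line naming or linking the plan appears in this hunk as rendered; the header `@@ -103,7 +108,8 @@` (and the file total of 7 additions against 5 visible in the first hunk) implies a second added line here, so please confirm the link to the plan actually made it into the commit and is not left dangling. Separately, the removed line `Not too surprisingly you will need to configure the [activeScan](...) job, and you will probably want to generate a [report](...)` was the only place this section told readers to configure the active scan and report jobs; if the example plan is meant to cover that, say so in the new sentence, otherwise keep the old sentence alongside it. Minor: the context line uses `Gin N Juice shop` while the line above uses `Gin & Juice Shop`; use one spelling.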