Running daily scans manually is a very cumbersome and boring task, so I thought of automating them for ease and faster processing. Zaproxy is a very well-known OWASP vulnerability scanner that can be very helpful for web app pentesting and a lot more. Here are a few steps to get started with OWASP Zaproxy:

Step 1: Download ZAProxy from here.

Step 2: You can run Zaproxy in GUI mode to get a feel for the things that are available in this beautiful scanner. But in order to automate, I prefer running it in daemon mode, so I use the following command:

    ./zap.sh -daemon -config api.disablekey=true &

This command will start ZAP in daemon mode, with the API key check turned off and the ZAP APIs listening on 8080 by default. Oh, I forgot to tell you that this scanner comes with a REST API which you can access using Python, Java or Ruby also. Everything that you can do from the GUI is also supported by these APIs. I generally use Python, so I installed owasp-zapv2 using pip.

    pip install python-owasp-zap-v2.4

If you want to read more ab
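An added example, not code from the original post: a standard-library Python sketch of one automated run against the daemon's JSON API (spider, active scan, then alerts grouped by risk). The helper names, the base address and the target URL are assumptions; the `apikey` argument is for a daemon started without `api.disablekey=true`.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP_BASE = "http://127.0.0.1:8080"  # assumption: daemon on its default port


def build_url(path, params, base=ZAP_BASE, apikey=None):
    """Build a ZAP JSON API URL such as /JSON/spider/action/scan/?url=..."""
    if apikey:  # send the key when the daemon still enforces it
        params = dict(params, apikey=apikey)
    return f"{base}/JSON/{path}/?{urllib.parse.urlencode(params)}"


def zap_get(path, params):
    """Call one JSON API endpoint and return the decoded response."""
    with urllib.request.urlopen(build_url(path, params), timeout=30) as resp:
        return json.load(resp)


def wait_done(component, scan_id, call, poll):
    """Poll the spider or active scan status until it reports 100 percent."""
    while int(call(f"{component}/view/status", {"scanId": scan_id})["status"]) < 100:
        time.sleep(poll)


def run_scan(target, call=zap_get, poll=2.0):
    """Spider, then actively scan the target; return alerts grouped by risk."""
    spider_id = call("spider/action/scan", {"url": target})["scan"]
    wait_done("spider", spider_id, call, poll)
    ascan_id = call("ascan/action/scan", {"url": target})["scan"]
    wait_done("ascan", ascan_id, call, poll)
    alerts = call("core/view/alerts", {"baseurl": target})["alerts"]
    by_risk = {}
    for a in alerts:
        by_risk.setdefault(a["risk"], []).append((a["alert"], a["url"]))
    return by_risk


if __name__ == "__main__":
    # Constructed target: a test application of your own on localhost.
    for risk, items in run_scan("http://localhost:3000").items():
        print(risk, len(items))
        for name, url in items:
            print("   ", name, url)
```

The `call` parameter lets a scheduler or unit test swap in a stub, so the polling and grouping logic can be checked without a running daemon.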
Security Beyond Compare ..