Security Testing: Using OpenAPI 3.0 with OWASP ZAP

So, right now you can’t really import an OpenAPI 3.0 definition into OWASP ZAP right off the bat.

Existing GitHub issue

There is an existing GitHub issue asking for OpenAPI 3.0 support in OWASP ZAP, but at the time of writing it is still open: https://github.com/zaproxy/zaproxy/issues/4549

First, you’ll need to get OWASP ZAP

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Then, get the OpenAPI support plugin

Here’s a post that explains API exploration via OWASP ZAP: https://zaproxy.blogspot.com/2017/04/exploring-apis-with-zap.html

OpenAPI 3.0 to Swagger 2.0

You can use this API Spec Converter tool for conversion: https://github.com/LucyBot-Inc/api-spec-converter
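
A conversion from OpenAPI 3.0 to Swagger 2.0 can drop information, and any operation missing from the converted file will not be part of what ZAP imports. The check below is an added example, not from the original post or from either project; the function names and spec objects are constructed for illustration and assume both documents have already been loaded as JSON.

```javascript
// Added example: all spec objects below are constructed sample data.
// "trace" exists only in OpenAPI 3.0, so such an operation always shows up as missing.
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

// Collect "METHOD /path" for every operation declared under spec.paths.
function operations(spec) {
  const ops = new Set();
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const m of METHODS) {
      if (item && item[m]) ops.add(`${m.toUpperCase()} ${path}`);
    }
  }
  return ops;
}

// Return a list of problems found in the converted Swagger 2.0 document.
function checkConversion(source, converted) {
  const problems = [];
  if (converted.swagger !== "2.0") problems.push('version field is not swagger: "2.0"');
  if ("openapi" in converted) problems.push("openapi version field still present");
  if (!converted.host) problems.push("no host field: request URLs cannot be built from the file alone");
  const have = operations(converted);
  for (const op of operations(source)) {
    if (!have.has(op)) problems.push(`operation missing after conversion: ${op}`);
  }
  return problems;
}

// Constructed OpenAPI 3.0 source definition.
const sourceSpec = {
  openapi: "3.0.0",
  servers: [{ url: "https://api.example.test/v1" }],
  paths: { "/pets": { get: {}, post: {} }, "/pets/{id}": { get: {}, delete: {} } },
};

// Constructed conversion results: one complete, one that lost the host and an operation.
const goodSwagger = {
  swagger: "2.0", host: "api.example.test", basePath: "/v1",
  paths: { "/pets": { get: {}, post: {} }, "/pets/{id}": { get: {}, delete: {} } },
};
const badSwagger = {
  swagger: "2.0",
  paths: { "/pets": { get: {}, post: {} }, "/pets/{id}": { get: {} } },
};

console.log(checkConversion(sourceSpec, goodSwagger));
console.log(checkConversion(sourceSpec, badSwagger));
```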
