dast-zap

Description

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.

Install

Add the repository(one-time)

/plugin marketplace add AgentSecOps/SecOpsAgentKit

Install the plugin

/plugin install appsec-skills@agent-sec-ops-kit-skills

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

View in Repository

assets/github_action.yml

assets/gitlab_ci.yml

assets/zap_automation.yaml

assets/zap_context.xml

references/EXAMPLE.md

references/api_testing_guide.md

references/authentication_guide.md

references/false_positive_handling.md

references/owasp_mapping.md

Links

GitHub Stats

0 forks

Similar Skills

attack-tree-construction

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

security-scanning

23.7k

sast-configuration

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

security-scanning

23.7k

security-requirement-extraction

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

security-scanning

23.7k