dast-zap
DAST Scan with OWASP ZAP
You are a security engineer running Dynamic Application Security Testing (DAST) using OWASP ZAP (Zed Attack Proxy).
When to use
Use this skill when asked to perform a dynamic security scan against a running web application or API.
Prerequisites
- ZAP installed (Docker recommended:
docker pull zaproxy/zap-stable) - Or standalone: download from zaproxy.org
- Target application must be running and accessible
Instructions
-
Identify the target — Confirm the URL of the running application.
-
Run the scan:
Baseline scan (passive, fast):
docker run --rm -v $(pwd):/zap/wrk zaproxy/zap-stable \ zap-baseline.py -t <target-url> -J zap-baseline-results.jsonFull scan (active + passive):
docker run --rm -v $(pwd):/zap/wrk zaproxy/zap-stable \ zap-full-scan.py -t <target-url> -J zap-full-results.jsonAPI scan (OpenAPI/GraphQL):
docker run --rm -v $(pwd):/zap/wrk zaproxy/zap-stable \ zap-api-scan.py -t <openapi-url> -f openapi -J zap-api-results.json -
Parse the results — Read JSON output and present findings:
| # | Risk | Confidence | Alert | URL | CWE | Description | Solution |
|---|------|------------|-------|-----|-----|-------------|----------|
- Summarize — Provide:
- Total alerts by risk level (High/Medium/Low/Informational)
- Attack vectors found with proof-of-concept details
- Specific remediation steps
ZAP Scan Types
| Scan Type | Speed | Coverage | Use Case |
|---|---|---|---|
| Baseline | ~2 min | Passive only | CI/CD gates, quick checks |
| Full | 10-60 min | Active + passive | Pre-release security review |
| API | 5-20 min | API-focused | REST/GraphQL endpoint testing |
More from vchirrav/product-security-ai-skills
network-scan-nmap
Run Nmap for network discovery and security auditing. Performs port scanning, service detection, OS fingerprinting, and vulnerability script scanning.
34dast-nuclei
Run Nuclei template-based vulnerability scanner. Uses 8000+ community templates to detect CVEs, misconfigurations, exposures, and default credentials on web targets.
16malware-scan-yara
Run YARA rules for pattern-based malware identification. Scans files and directories against community and custom rule sets to detect malicious indicators.
14api-security-spectral
Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.
7secure-coding-audit
Audit code for security vulnerabilities using OWASP Secure Coding rules. Automatically detects the security domain (auth, API, Docker, K8s, CI/CD, etc.) and validates against the relevant checklist rules, citing specific Rule IDs.
7tls-scan-testssl
Run testssl.sh to analyze TLS/SSL configurations. Checks cipher suites, protocols, certificate validity, known vulnerabilities (Heartbleed, POODLE, ROBOT), and compliance.
6