Description
Is your feature request related to a problem? Please describe.
Currently, the add-on supports JSP-, HTML- and PHP-based scan rules, so now we need to add ASP-based scan rules. This feature/enhancement is for that.
Definition of Done
The Definition of Done for this scan rule is:
- Adding various scan rules for ASP, ASP in images, etc.
- Adding a vulnerable application which supports https://github.com/SasanLabs/VulnerableApp-facade so that we can do a TDD-style implementation, where the vulnerable applications are written first and the scan rules are then written against them.
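The following is an added, self-contained sketch of the scan-rule logic the Definition of Done describes; it is not code from the add-on or from VulnerableApp-facade, and its class and function names (`ToyAspUploadHost`, `scan_for_asp_execution`, the `probe-*` file names) are assumptions for illustration. It shows the two halves of the TDD loop side by side: a constructed stand-in for the vulnerable application that stores uploads and "executes" classic ASP only for `.asp` files, and a scan rule that uploads a plain ASP payload, an ASP payload hidden behind a GIF header, and the same polyglot with a `.gif` extension, then decides from the response whether the code ran. The decision deliberately requires a per-scan random marker to be echoed back and the raw `<%` tag to be absent, so that a server that merely serves the source back is not reported as executing it.

```python
import re
import uuid
from typing import Dict, List, Optional, Tuple

# A per-scan random marker: if it comes back in the response, the only way it
# got there is that the server-side code we uploaded actually ran.
def new_marker() -> str:
    return "zapfu-" + uuid.uuid4().hex


def build_asp_payload(marker: str) -> bytes:
    """Classic ASP (VBScript) payload that writes the marker into the response."""
    return f'<% Response.Write("{marker}") %>'.encode()


def build_gif_polyglot(marker: str) -> bytes:
    """ASP payload prefixed with a GIF89a signature and a minimal 7-byte logical
    screen descriptor, so naive content sniffing sees an image while an ASP
    engine still parses the <% ... %> block that follows."""
    return b"GIF89a\x01\x00\x01\x00\x00\x00\x00" + build_asp_payload(marker)


# Matches the single Response.Write call our payloads contain.
_ASP_WRITE = re.compile(rb'<%\s*Response\.Write\("([^"]*)"\)\s*%>')


class ToyAspUploadHost:
    """Constructed stand-in for the vulnerable application (assumption: not the
    real VulnerableApp-facade). Stores uploads by name and, when executes_asp is
    set, 'runs' files with a .asp extension by evaluating Response.Write calls.
    Every other file, including a GIF polyglot saved as .gif, is served raw."""

    def __init__(self, executes_asp: bool = True) -> None:
        self.executes_asp = executes_asp
        self.store: Dict[str, bytes] = {}

    def upload(self, filename: str, body: bytes) -> str:
        self.store[filename] = body
        return "/uploads/" + filename

    def fetch(self, url: str) -> bytes:
        body = self.store[url.rsplit("/", 1)[1]]
        if self.executes_asp and url.lower().endswith(".asp"):
            return _ASP_WRITE.sub(rb"\1", body)  # simulated ASP interpreter
        return body


def asp_upload_variants(marker: str) -> List[Tuple[str, bytes]]:
    """(filename, body) pairs a scan rule would try, from plain to disguised."""
    return [
        ("probe-plain.asp", build_asp_payload(marker)),
        ("probe-polyglot.asp", build_gif_polyglot(marker)),  # image bytes, .asp extension
        ("probe-polyglot.gif", build_gif_polyglot(marker)),  # fires only if .gif is mapped to ASP
    ]


def scan_for_asp_execution(host: ToyAspUploadHost, marker: Optional[str] = None) -> List[str]:
    """Uploads each variant, fetches it back and returns the file names whose
    server-side code was executed. Execution is claimed only when the marker is
    present AND the raw '<%' tag is absent; marker plus '<%' means the server
    served our source back unexecuted (a disclosure, not code execution)."""
    marker = marker or new_marker()
    findings: List[str] = []
    for filename, body in asp_upload_variants(marker):
        url = host.upload(filename, body)
        response = host.fetch(url)
        executed = marker.encode() in response and b"<%" not in response
        if executed:
            findings.append(filename)
    return findings


if __name__ == "__main__":
    print("vulnerable host:", scan_for_asp_execution(ToyAspUploadHost(executes_asp=True)))
    print("hardened host:  ", scan_for_asp_execution(ToyAspUploadHost(executes_asp=False)))
```

In the real add-on the toy host is replaced by HTTP requests to the deployed vulnerable application, and each variant becomes its own attack vector class; the check that distinguishes "marker echoed" from "source echoed" is the part worth carrying over, because a server that stores and serves the file verbatim will otherwise produce a false positive.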
Code reference
Attack vector registration:
https://github.com/SasanLabs/owasp-zap-fileupload-addon/blob/main/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java#L47
Other attack vectors for reference:
https://github.com/SasanLabs/owasp-zap-fileupload-addon/tree/main/src/main/java/org/sasanlabs/fileupload/attacks/rce/php
Sample Vulnerable Applications for other attack vectors:
https://github.com/SasanLabs/VulnerableApp-php
Testing code changes
Build the add-on by running:
- ./gradlew spotlessApply
- ./gradlew build
Then, in ZAP, go to File -> Local addon file, navigate to the project's build -> bin directory, select fileupload*.zap, and you are done.