Add Attack Vector for ASP based applications #4

Open
preetkaran20 opened this issue Aug 8, 2021 · 0 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request good first issue Good for newcomers

Comments

Member

preetkaran20 commented Aug 8, 2021

Is your feature request related to a problem? Please describe.
Currently, the add-on supports JSP, HTML, and PHP based scan rules, so now we need to add the ASP-based scan rule. This feature/enhancement is for that.

Definition of Done
The Definition of Done for this scan rule is:

  1. Adding various scan rules for ASP, ASP in images, etc.
  2. Adding a VulnerableApplication which supports https://github.com/SasanLabs/VulnerableApp-facade so that we can do a TDD-style implementation, where vulnerable applications are written first and then scan rules are written over them.

Code reference
Attack vector registration:
https://github.com/SasanLabs/owasp-zap-fileupload-addon/blob/main/src/main/java/org/sasanlabs/fileupload/attacks/FileUploadAttackExecutor.java#L47

Other attack vectors for reference:
https://github.com/SasanLabs/owasp-zap-fileupload-addon/tree/main/src/main/java/org/sasanlabs/fileupload/attacks/rce/php

Sample Vulnerable Applications for other attack vectors:
https://github.com/SasanLabs/VulnerableApp-php

Testing code changes
Build the add-on by running:

  1. ./gradlew spotlessApply
  2. ./gradlew build

Then go to ZAP -> File -> Local addon file -> Navigate to project -> build -> bin -> fileupload*.zap and done.

@preetkaran20 preetkaran20 added documentation Improvements or additions to documentation enhancement New feature or request good first issue Good for newcomers labels Aug 8, 2021
@preetkaran20 preetkaran20 changed the title Add Scanrule for ASP based applications Add Attack Vector for ASP based applications Sep 25, 2021