Installing, configuring, and running the ZAP GUI OAST server
The BOAST server was created to receive and report the results of out-of-band application security testing (OAST). Some application security tests produce only out-of-band responses from the application under test. In these cases, the result is not returned in the response to the attacker's request, and it cannot be seen by a client hidden behind a third-party NAT. A separate component is therefore required to observe such responses. This component must be freely reachable over the internet and able to communicate over the protocols and ports on which those responses arrive, without being constrained by that third-party NAT.
In this recipe, we will walk you through how to install, configure, and test applications that require out-of-band (OOB) testing, using the OWASP ZAP BOAST server, and how to install your own BOAST server for testing.
Getting ready
This recipe requires ZAP set up to intercept...