
OWASP Zed Attack Proxy Scan in DevOps pipeline

My requirement is to do an "Authenticated Scan" using the TFS DevOps pipeline. For this I added the "OWASP Zed Attack Proxy Scan" extension under TFS and added the tasks to the pipeline. I also installed the OWASP desktop app (2.11.1). The pipeline is working fine in 'Unauthenticated mode' on the website, but I need to do the 'authenticated scan' so that the tool can identify the bugs/vulnerabilities after the login pages as well. How can this be done?

Saad Awan asked Apr 25 '26 14:04


1 Answer

First of all, you don't need to use the ZAP desktop app - ZAP can be run in a variety of ways that are more suited to automation - see https://www.zaproxy.org/docs/automate/

Secondly, authentication can be a real pain - there are so many ways that applications handle it :( Have a look at the official ZAP videos on https://www.zaproxy.org/videos-list/ - you can search for "Auth" in the tags to narrow those down to the most relevant ones.

Simon Bennetts answered Apr 28 '26 15:04