🔐 OWASP ZAP Authenticated Scanning with OAuth2 | Full Walkthrough
In this video, we dive deeper into authenticated vulnerability scanning using OWASP ZAP, focusing on applications secured with OAuth2.
Learn how to perform authenticated scans using real user credentials, enabling access to protected endpoints and pages that are typically restricted to logged-in users. We'll guide you through:
✅ Setting up Script-based Authentication to handle the OAuth2 login flow
✅ Implementing an HTTP Sender Script to modify outgoing requests, ensuring ZAP maintains the authenticated session
✅ Performing a comprehensive vulnerability scan on an OAuth2-protected application
This hands-on demonstration is ideal for penetration testers, developers, and security enthusiasts looking to strengthen their understanding of authenticated scanning using ZAP.
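As an added illustration of the HTTP Sender Script step above (not the script used in the video), here is a minimal ZAP HTTP Sender script that attaches the OAuth2 access token to outgoing requests. It assumes the authentication script has stored the token in a global script variable named `access_token`, and `app.example.test` is a placeholder for the host under test.

```javascript
// Added example: ZAP HTTP Sender script (JavaScript engine).
// Assumptions: the authentication script saved the OAuth2 access token in the
// global script variable "access_token"; TARGET_HOST is a placeholder.
var TOKEN_VAR = "access_token";        // hypothetical variable name
var TARGET_HOST = "app.example.test";  // placeholder: host under test

// Outside ZAP there is no ScriptVars class, so an in-memory map stands in
// for it and the logic can be exercised offline.
var localVars = {};

function getToken() {
  if (typeof Java !== "undefined") {
    // Inside ZAP: read the value shared by the authentication script.
    var ScriptVars = Java.type("org.zaproxy.zap.extension.script.ScriptVars");
    return ScriptVars.getGlobalVar(TOKEN_VAR);
  }
  return localVars[TOKEN_VAR] || null;
}

// ZAP calls this for every outgoing request (spider, active scan, manual).
// ZAP ignores the return value; it reports whether the header was set.
function sendingRequest(msg, initiator, helper) {
  var header = msg.getRequestHeader();
  // Attach the token only to the application under test, so it is never
  // sent to third-party hosts that the spider happens to reach.
  if (String(header.getHostName()).toLowerCase() !== TARGET_HOST) {
    return false;
  }
  var token = getToken();
  if (!token) {
    return false; // authentication has not produced a token yet
  }
  header.setHeader("Authorization", "Bearer " + token);
  return true;
}

// Required by the HTTP Sender interface; nothing to do on responses here.
function responseReceived(msg, initiator, helper) {}
```

Restricting the header to the target host keeps the bearer token out of requests to external domains that appear in the crawl.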
📌 Tools Used:
Scripts Used: