Abstract
API and Website application security scanning at scale using OWASP ZAP and a service to manage the ZAP.
OWASP ZAP is a great open source tool to scan your website or API requests for different types of vulnerabilities. ZAP also provides a different way to customize your scan, like scan policy, custom add-ons, community add-ons, and many more. You can find ZAP’s open-source repository on Github. ZaaS is built on the APIs provided by ZAP.
While it’s an awesome tool to scan for a specific request or API, using in corporates where you need to scan 1000s of websites or APIs can be a hectic task and it’s impossible to scale just running a single ZAP instance. Hence the idea, ZaaS, where ZAP runs as several instances on Kubernetes cluster with as many pods as you like to scale your ZAP as per your company needs.