I have a REST API which is secured with a JWT token (as an HTTP header). I want to do a penetration test on the TEST API and have no prior understanding of this topic. So I went through some guidance and I installed OWASP ZAP and typed the URL and pressed the attack button. But the response was:
Failed to attack the URL :received a 401 response code
So how can I pen test my REST API using ZAP?
Any help is appreciated.
Can you generate a valid JWT token in some way? If so you can then tell ZAP to use it as explained in this blog post: https://zaproxy.blogspot.com/2017/06/scanning-apis-with-zap.html
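As an added example (not part of the answer above or of the linked blog post), this script checks a JWT locally and prints the Replacer add-on settings that make ZAP send it on every request. It assumes the API expects `Authorization: Bearer <token>`; the rule name `jwt-auth` and the sample token are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the post or the ZAP blog): validate a JWT locally, then
# print the Replacer add-on settings that make ZAP send it on every request.

# Decode one base64url JWT segment: restore padding, map the URL-safe alphabet back.
b64url_decode() {
  s=$1
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | tr '_-' '/+' | base64 -d 2>/dev/null
}

# Constructed sample token with expiry $1; the signature is a placeholder, so a
# real API rejects it. In practice the token comes from your test login flow.
sample_jwt() {
  enc() { printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'; }
  printf '%s.%s.%s' "$(enc '{"alg":"HS256","typ":"JWT"}')" \
    "$(enc "{\"sub\":\"zap-test\",\"exp\":$1}")" "$(enc placeholder-signature)"
}

# Print the exp claim (epoch seconds) from the payload, or nothing if absent.
jwt_exp() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Succeed if $1 has three base64url segments and is unexpired at time $2 (default now).
jwt_usable() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+){2}$' || return 1
  exp=$(jwt_exp "$1")
  [ -z "$exp" ] || [ "$exp" -gt "${2:-$(date +%s)}" ]
}

# Print one key=value line per Replacer setting; each is passed to ZAP at startup
# as: -config "key=value". An expired token is refused, since it would only
# reproduce the 401.
zap_auth_options() {
  jwt_usable "$1" "${2:-$(date +%s)}" || { echo "token malformed or expired" >&2; return 1; }
  p='replacer.full_list(0)'
  printf '%s\n' "$p.description=jwt-auth" "$p.enabled=true" \
    "$p.matchtype=REQ_HEADER" "$p.matchstr=Authorization" \
    "$p.regex=false" "$p.replacement=Bearer $1"
}

zap_auth_options "$(sample_jwt 4102444800)"   # constructed token, exp in 2100
```

If the scan starts returning 401 again partway through, check the token's `exp` first: a long active scan can outlive a short-lived token.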