As per my knowledge ZAP can be used for .NET Web Application and Service testing, not for Desktop Application testing. I need to test the desktop application.
In the ZAP Getting Started PDF, it is written that it can do code review. So it this possible that ZAP does the code review for the .NET Desktop Application? If yes, then how?
You don't seem to have read the text in full. Code Review
is listed as a type of security testing...
Security testing is often broken out, somewhat arbitrarily, according to either the type of vulnerability being tested or the type of testing being done. A common breakout is: • Vulnerability Assessment – The system is scanned and analyzed for security issues. • Penetration Testing – The system undergoes analysis and attack from simulated malicious attackers. • Runtime Testing – The system undergoes analysis and security testing from an enduser. • Code Review – The system code undergoes a detailed review and analysis looking specifically for security vulnerabilities.
The document then goes on to explain what Penetration Testing
is and how ZAP can be used as part of a Penetration Test
.