spring-boot owasp penetration-testing security-testing crlf-vulnerability

How can we do VAPT using OWASP ZAP in microservices?

I had gone through the OWASP ZAP and I found that ZAP requires endpoint of the web application. But still, I tried to provide URL of REST APIs of our microservices but I was getting 404 error. What I think is OWASP ZAP scans on HTTP GET method and don't allow POST method or else.

Below is the screenshot of ZAP: Link to the screenshot of ZAP

I know there is a post related to test of rest API but that post i was not full clear and was also not related to micro services. Please recommend any better open source software and way through which we can do our VAPT test easily.

Thanks

Solution

The ZAP Quick Start option only supports GET requests, but you can easily send POST requests using the Manual Request dialog. With APIs the main problem is how to discover them. Does that end point link to all of the other API end points?

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?