appsec101

# start
docker-compose up -d
# stop
docker-compose down

• After running the python script, a HTML file will be generated in your working directory.

# Init and install requirement
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# run and get report
python basic-spider-scan.py

• API key are hardcode in docker-compose.yml and basic-spider-scan.py file.
• Only listen on localhost.
• The target http://web:3000 is from juiceshop container name.

• https://github.com/zaproxy/zap-api-python
• https://github.com/zaproxy/zaproxy/blob/develop/docker/zap-baseline.py