OWASP ZAP Summary
The integration of OWASP ZAP security solutions with the Centraleyezer Vulnerability Management platform enhances the import and management of security findings. This collaboration enables organizations to efficiently identify, prioritize, track, and remediate vulnerabilities, improving their overall security posture and risk management.
OWASP ZAP Key Features
Data Import:
Import assets, scan summaries, and vulnerabilities from OWASP ZAP security tools into Centraleyezer, either on-demand or via automated schedules.
- Supported formats: XML.
Detailed Findings:
Centraleyezer provides comprehensive vulnerability details based on OWASP ZAP security assessments.
Risk Scoring:
Configurable severity values for OWASP ZAP findings, aligned with organizational risk policies.
Selective Data Import:
Supports filtering based on status, scan type, and severity for more precise data imports.
Secure Connectivity:
Requires an HTTPS connection, with or without a proxy.
Considerations
The integration supports mapping one OWASP ZAP instance to one Centraleyezer instance.
Configuring a different OWASP ZAP instance in the plugin will overwrite previously imported data.
Requirements
System Requirements:
Centraleyezer Prerequisites: The latest version of the Centraleyezer Vulnerability Management Platform is recommended.
OWASP ZAP Prerequisites: API access must be enabled with proper authentication, and the instance must support findings export and API-based integration.
Permissions and Roles:
Centraleyezer: Requires System Admin or Application Security Manager permissions.
OWASP ZAP: Requires user access to vulnerability scan results.
Import mappings require admin-level permissions.
Release Notes
Version 1.0.0:
Mapped vulnerabilities from OWASP ZAP security scans, including:
- Finding Target
- Asset Target
- Asset
- Name
- Description
- Recommendation
- Recommendation Details
- Criticality