0

Can you all please give me an idea of how to integrate the ZAP tool with JMeter for security concerns? I also need it to be involved in daily CI builds.

And if this is wrong stack to ask this question, please direct me to one.

Thanks in advance.

EDIT: I recorded all the JMeter scripts. When I run JMeter, I need ZAP to also apply its security tests to all JMeter API calls. I need JMeter and ZAP to run in sequence for every API.

Krishnan Mahadevan
Bala

2 Answers

2

JMeter can be configured as a proxy to save all ZAP requests, and then you can resend the same OWASP test on the same or environment after a fix or change.

You can also configure ZAP to connect through another proxy - this is often necessary in a corporate environment.

Ori Marko
  • Thanks for your help. But I've added my exact requirements in the edit. Please take a look and do the needful. – Bala Jan 13 '18 at 14:50
  • You can add ZAP as a proxy on the server where JMeter is doing the load test, see https://stackoverflow.com/questions/38660859/configure-zap-attack-as-a-system-wide-proxy – Ori Marko Jan 14 '18 at 14:20
1

You basically need to configure JMeter to send all requests through ZAP Intercepting Proxy. By default ZAP is running on the same host using port 8080 so you either need to run JMeter like:

jmeter -H localhost -P 8080 -n -t test.jmx -l result.jtl

Alternatively you can define the same settings via Java Networking Properties like:

jmeter -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8080 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8080 -n -t test.jmx -l result.jtl

And finally you can add the next lines to system.properties file (lives in "bin" folder of your JMeter installation)

http.proxyHost=localhost
http.proxyPort=8080
https.proxyHost=localhost
https.proxyPort=8080

JMeter restart will be required to pick the properties up.

More information:

Dmitri T
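A CI-step sketch for the proxy setup described in the answer above, added here as an example and not code from either answer: it runs the plan through the ZAP proxy and fails the build when samples never received an HTTP response, which is what a wrong proxy port or a stopped ZAP produces. The function names, the `ZAP_HOST`/`ZAP_PORT` variables and the sample JTL rows are assumptions constructed for illustration; the JTL is assumed to be CSV with a header row and comma-free labels.

```shell
#!/bin/sh
# Added example: run a JMeter plan through ZAP and verify traffic got through.
ZAP_HOST="${ZAP_HOST:-localhost}"   # hypothetical variable: where ZAP listens
ZAP_PORT="${ZAP_PORT:-8080}"        # ZAP's default proxy port per the answer

# Print the JMeter proxy options so host and port are defined in one place.
zap_proxy_args() {
    printf '%s' "-Dhttp.proxyHost=$1 -Dhttp.proxyPort=$2 -Dhttps.proxyHost=$1 -Dhttps.proxyPort=$2"
}

# Count samples in a CSV JTL (file argument or stdin) whose responseCode
# column starts with "Non HTTP response code", i.e. the request failed
# before any HTTP response arrived (proxy unreachable, connection refused).
count_proxy_failures() {
    awk -F, 'NR==1 { for (i=1;i<=NF;i++) if ($i=="responseCode") c=i; next }
             c && $c ~ /^Non HTTP response code/ { n++ }
             END { print n+0 }' "${1:--}"
}

# Constructed sample JTL: one good sample, one proxy failure, one HTTP 401.
sample_jtl() {
cat <<'EOF'
timeStamp,elapsed,label,responseCode,responseMessage,threadName,dataType,success
1515854000000,120,GET /api/users,200,OK,Thread Group 1-1,text,true
1515854000200,3,GET /api/orders,Non HTTP response code: org.apache.http.conn.HttpHostConnectException,Non HTTP response message: Connection refused,Thread Group 1-1,text,false
1515854000300,95,POST /api/login,401,Unauthorized,Thread Group 1-1,text,false
EOF
}

# Run the plan in non-GUI mode via ZAP, then inspect the results file.
run_through_zap() {
    plan="$1"; jtl="$2"
    # Word splitting of the proxy options is intended here.
    jmeter $(zap_proxy_args "$ZAP_HOST" "$ZAP_PORT") -n -t "$plan" -l "$jtl" || return 1
    failed=$(count_proxy_failures "$jtl")
    if [ "$failed" -gt 0 ]; then
        echo "$failed samples got no HTTP response; is ZAP on $ZAP_HOST:$ZAP_PORT?" >&2
        return 2
    fi
}

# Only run when called with a plan and a results file, e.g.
#   sh zap_jmeter.sh test.jmx result.jtl
if [ "$#" -ge 2 ]; then run_through_zap "$1" "$2"; fi
```

Requests that pass through the proxy are only scanned passively by ZAP; the 401 row in the sample is an ordinary HTTP result and is deliberately not counted as a proxy failure.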