security/scanning/dast-scanning/SKILL.md
Perform dynamic application security testing with OWASP ZAP, Burp Suite, and Nikto. Test running applications for security vulnerabilities through automated and manual testing. Use when testing web applications, APIs, or performing penetration testing.
Test running applications for security vulnerabilities through dynamic analysis.
Use this skill when:
| Tool | Type | Best For |
|------|------|----------|
| OWASP ZAP | OSS | Automated scanning, CI |
| Burp Suite | Commercial | Manual testing, advanced |
| Nikto | OSS | Web server scanning |
| Nuclei | OSS | Template-based scanning |
| Arachni | OSS | Comprehensive scanning |
```bash
# Run ZAP in daemon mode
# Note: api.addrs.addr.name=.* accepts API calls from any address; keep the
# container on a private network and keep the generated API key in use.
docker run -d --name zap \
  -p 8080:8080 \
  -v $(pwd)/reports:/zap/reports \
  ghcr.io/zaproxy/zaproxy:stable \
  zap.sh -daemon -host 0.0.0.0 -port 8080 \
  -config api.addrs.addr.name=.* \
  -config api.addrs.addr.regex=true

# Quick baseline scan (passive checks only, safe against production-like targets)
docker run --rm -v $(pwd):/zap/wrk \
  ghcr.io/zaproxy/zaproxy:stable \
  zap-baseline.py -t https://target.example.com \
  -r baseline-report.html

# With authentication
docker run --rm -v $(pwd):/zap/wrk \
  ghcr.io/zaproxy/zaproxy:stable \
  zap-baseline.py -t https://target.example.com \
  -r report.html \
  --auth-login-url https://target.example.com/login \
  --auth-username user \
  --auth-password pass

# Comprehensive scan (active scan: run only against targets you own or are authorized to test)
docker run --rm -v $(pwd):/zap/wrk \
  ghcr.io/zaproxy/zaproxy:stable \
  zap-full-scan.py -t https://target.example.com \
  -r full-report.html \
  -J full-report.json

# OpenAPI specification scan
docker run --rm -v $(pwd):/zap/wrk \
  ghcr.io/zaproxy/zaproxy:stable \
  zap-api-scan.py -t https://target.example.com/openapi.json \
  -f openapi \
  -r api-report.html
```
```yaml
# zap-automation.yaml
env:
  contexts:
    - name: "Default Context"
      urls:
        - "https://target.example.com"
      includePaths:
        - "https://target.example.com/.*"
      excludePaths:
        - "https://target.example.com/logout.*"
      authentication:
        method: "form"
        parameters:
          loginUrl: "https://target.example.com/login"
          loginRequestData: "username={%username%}&password={%password%}"
        verification:
          method: "response"
          loggedInRegex: "\\QWelcome\\E"
      users:
        - name: "testuser"
          credentials:
            username: "[email protected]"
            password: "password123"

jobs:
  - type: spider
    parameters:
      context: "Default Context"
      user: "testuser"
      maxDuration: 10
  - type: spiderAjax
    parameters:
      context: "Default Context"
      user: "testuser"
      maxDuration: 10
  - type: passiveScan-wait
    parameters:
      maxDuration: 5
  - type: activeScan
    parameters:
      context: "Default Context"
      user: "testuser"
      policy: "Default Policy"
  - type: report
    parameters:
      template: "traditional-html"
      reportDir: "/zap/reports"
      reportFile: "zap-report"
```

```bash
# Run automation
docker run --rm -v $(pwd):/zap/wrk \
  ghcr.io/zaproxy/zaproxy:stable \
  zap.sh -cmd -autorun /zap/wrk/zap-automation.yaml
```
```yaml
name: DAST Scan

on:
  workflow_dispatch:
  schedule:
    - cron: '0 2 * * *'

jobs:
  dast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Start Application
        run: |
          docker-compose up -d
          sleep 30  # Wait for app to be ready

      - name: OWASP ZAP Scan
        uses: zaproxy/[email protected]
        with:
          target: 'http://localhost:8080'
          rules_file_name: '.zap/rules.tsv'
          cmd_options: '-a'

      - name: Upload Report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: zap-report
          path: report_html.html
```
```yaml
dast:
  stage: security
  image: ghcr.io/zaproxy/zaproxy:stable
  variables:
    TARGET_URL: $DAST_TARGET_URL
  script:
    # zap-baseline.py resolves -r relative to /zap/wrk, which is not the
    # project directory in GitLab CI, so write there and copy the report out
    - mkdir -p /zap/wrk/reports
    - zap-baseline.py -t "$TARGET_URL" -r reports/zap-report.html -I
  after_script:
    # runs even when the scan step fails, so the report is still collected
    - mkdir -p "$CI_PROJECT_DIR/reports" && cp /zap/wrk/reports/*.html "$CI_PROJECT_DIR/reports/" || true
  artifacts:
    when: always
    paths:
      - reports/
    expire_in: 1 week
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
```
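The `rules_file_name` input in the GitHub workflow and the `-I` flag in the GitLab job both decide how a baseline scan's findings turn into a pass or fail. The gate itself is easy to misjudge: by default ZAP only warns, and `-I` suppresses even that. The script below is an added example (not part of this skill or of ZAP) that applies a `rules.tsv`-style policy to ZAP's JSON report and produces an explicit verdict: explicit `IGNORE`/`WARN`/`FAIL` rules win, unlisted High findings fail, and everything else warns. The report and rules are constructed samples; the report layout (`site[].alerts[]` with `pluginid`, `riskcode`, `instances`) and the three-column TSV format follow what `zap-baseline.py` and the traditional JSON template emit.

```python
"""Gate a CI job on a ZAP JSON report using a rules.tsv-style policy.

Added example, not from the skill. Assumes the traditional ZAP JSON report
layout (site[].alerts[] with pluginid/riskcode/instances) and the rules.tsv
format used by zap-baseline.py (pluginid <TAB> IGNORE|WARN|FAIL <TAB> name).
"""
import csv
import io
import json

# Constructed sample report: same shape as ZAP's JSON output, made-up contents.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://target.example.com",
        "alerts": [
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "https://target.example.com/"}]},
            {"pluginid": "10096", "alert": "Timestamp Disclosure - Unix",
             "riskcode": "0", "confidence": "1",
             "instances": [{"uri": "https://target.example.com/static/app.js"}]},
            {"pluginid": "40018", "alert": "SQL Injection",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "https://target.example.com/search?q=1"}]},
        ],
    }]
})

# Constructed rules.tsv: one reviewed false positive, one tracked warning, one hard fail.
SAMPLE_RULES = (
    "10096\tIGNORE\tTimestamp Disclosure (reviewed: version string in minified JS)\n"
    "10038\tWARN\tCSP Header Not Set (tracked in backlog)\n"
    "40018\tFAIL\tSQL Injection\n"
)

RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}


def load_rules(tsv_text):
    """Parse rules.tsv into {pluginid: action}; blank lines and '#' comments are skipped."""
    rules = {}
    for row in csv.reader(io.StringIO(tsv_text), delimiter="\t"):
        if not row or row[0].startswith("#"):
            continue
        rules[row[0].strip()] = row[1].strip().upper()
    return rules


def triage(report_json, rules_tsv, fail_at_risk=3, default_action="WARN"):
    """Classify every alert as IGNORE, WARN or FAIL and return (verdict, rows).

    Explicit rules win. Unlisted alerts at or above fail_at_risk (3 = High)
    FAIL; other unlisted alerts take default_action.
    """
    rules = load_rules(rules_tsv)
    rows = []
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            pid = str(alert["pluginid"])
            risk = int(alert.get("riskcode", 0))
            action = rules.get(pid)
            if action is None:
                action = "FAIL" if risk >= fail_at_risk else default_action
            rows.append({
                "pluginid": pid,
                "name": alert.get("alert", ""),
                "risk": RISK_NAMES.get(str(risk), str(risk)),
                "instances": len(alert.get("instances", [])),
                "action": action,
            })
    verdict = "FAIL" if any(r["action"] == "FAIL" for r in rows) else "PASS"
    return verdict, rows


if __name__ == "__main__":
    verdict, rows = triage(SAMPLE_REPORT, SAMPLE_RULES)
    for r in rows:
        if r["action"] != "IGNORE":
            print(f'{r["action"]:<5} {r["pluginid"]:>6} {r["risk"]:<13} '
                  f'x{r["instances"]} {r["name"]}')
    print("verdict:", verdict)
    raise SystemExit(1 if verdict == "FAIL" else 0)
```

In a pipeline, run it after the scan step with the real report path and the repository's `rules.tsv`, and keep every `IGNORE` entry annotated with why it was accepted; the name column is the audit trail for that decision.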
```python
import time

import requests


class BurpScanner:
    """Thin client for the Burp Suite Professional REST API.

    The API key is part of the URL path (http://host:1337/<api-key>/v0.1/),
    not an Authorization header.
    """

    def __init__(self, api_url, api_key):
        self.base = f'{api_url.rstrip("/")}/{api_key}/v0.1'

    def create_scan(self, target_url):
        """Create and start a new scan; the task id comes back in the Location header."""
        payload = {
            'scan_configurations': [
                {'name': 'Crawl and Audit - Balanced', 'type': 'NamedConfiguration'}
            ],
            'scope': {
                'include': [{'rule': target_url}]
            },
            'urls': [target_url]
        }
        response = requests.post(f'{self.base}/scan', json=payload, timeout=30)
        response.raise_for_status()
        return response.headers.get('Location')

    def get_scan_status(self, scan_id):
        """Get scan status (scan_status, scan_metrics and the issue_events so far)."""
        response = requests.get(f'{self.base}/scan/{scan_id}', timeout=30)
        response.raise_for_status()
        return response.json()

    def get_issues(self, scan_id):
        """Return the issues found; the API reports them inline in the task as issue_events."""
        task = self.get_scan_status(scan_id)
        return [event['issue'] for event in task.get('issue_events', []) if 'issue' in event]


# Usage
scanner = BurpScanner('http://burp:1337', 'api-key')
scan_id = scanner.create_scan('https://target.example.com')
deadline = time.time() + 2 * 60 * 60  # stop polling after two hours instead of looping forever
while True:
    status = scanner.get_scan_status(scan_id)
    if status['scan_status'] in ('succeeded', 'failed'):
        break
    if time.time() > deadline:
        raise TimeoutError(f"scan {scan_id} still {status['scan_status']} after 2h")
    time.sleep(30)
issues = scanner.get_issues(scan_id)
```
```bash
# Install
apt-get install nikto

# Basic scan
nikto -h https://target.example.com

# With specific options
# -Tuning 123bde: interesting files, misconfigurations, information disclosure,
#                 web services and admin consoles, software identification
nikto -h https://target.example.com \
  -ssl \
  -Tuning 123bde \
  -output nikto-report.html \
  -Format htm

# Scan specific ports
nikto -h target.example.com -p 80,443,8080
```
```yaml
owasp_findings:
  A01_Broken_Access_Control:
    - IDOR vulnerabilities
    - Missing function-level access control
    - Privilege escalation
  A02_Cryptographic_Failures:
    - Sensitive data in URLs
    - Missing HTTPS
    - Weak ciphers
  A03_Injection:
    - SQL injection
    - Command injection
    - XSS
  A05_Security_Misconfiguration:
    - Default credentials
    - Verbose error messages
    - Missing security headers
  A07_Auth_Failures:
    - Weak passwords accepted
    - Session fixation
    - Missing MFA
```
```bash
# Check security headers
curl -I https://target.example.com | grep -i "x-\|content-security\|strict"

# Expected headers:
# X-Content-Type-Options: nosniff
# X-Frame-Options: DENY
# X-XSS-Protection: 1; mode=block   (legacy filter header; current browsers ignore it, so CSP must carry the XSS defence)
# Content-Security-Policy: default-src 'self'
# Strict-Transport-Security: max-age=31536000
```
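Grepping for header names only proves they exist. The script below is an added example (not part of this skill) that takes the raw header block `curl -I` prints and checks the values as well: HSTS `max-age` of at least a year, `nosniff`, clickjacking protection from either `X-Frame-Options` or a CSP `frame-ancestors` directive, a CSP without a wildcard `default-src` or `'unsafe-inline'`/`'unsafe-eval'` in the script policy, and the legacy `X-XSS-Protection` header reported as informational. The sample response is constructed.

```python
"""Value-aware check of a captured response's security headers.

Added example, not from the skill. Input is the raw header block that
`curl -I` prints; output is {check: verdict} with OK / MISSING / WEAK / INFO.
"""
import re

ONE_YEAR = 31536000

# Constructed sample: a partially hardened site as `curl -I` might show it.
SAMPLE_RESPONSE = """HTTP/2 200
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300
content-security-policy: default-src *; script-src 'self' 'unsafe-inline'
"""


def parse_headers(raw):
    """Return {lower-case name: value} from a curl -I style header block."""
    headers = {}
    for line in raw.splitlines():
        if ":" not in line or line.upper().startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_csp(csp):
    """Split a CSP value into {directive: [source, ...]} (all lower-cased)."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def check_headers(raw):
    h = parse_headers(raw)
    results = {}

    # HSTS must be present with a max-age of at least one year.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        results["strict-transport-security"] = "MISSING"
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        max_age = int(m.group(1)) if m else 0
        results["strict-transport-security"] = (
            "OK" if max_age >= ONE_YEAR else f"WEAK (max-age={max_age} < {ONE_YEAR})")

    # Only the exact value nosniff counts.
    xcto = h.get("x-content-type-options")
    if xcto is None:
        results["x-content-type-options"] = "MISSING"
    else:
        results["x-content-type-options"] = "OK" if xcto.lower() == "nosniff" else f"WEAK ({xcto})"

    # Clickjacking: CSP frame-ancestors supersedes X-Frame-Options; either is acceptable.
    csp = h.get("content-security-policy")
    xfo = h.get("x-frame-options")
    if csp and "frame-ancestors" in csp.lower():
        results["clickjacking"] = "OK (CSP frame-ancestors)"
    elif xfo and xfo.upper() in ("DENY", "SAMEORIGIN"):
        results["clickjacking"] = f"OK (X-Frame-Options: {xfo})"
    elif xfo:
        results["clickjacking"] = f"WEAK (X-Frame-Options: {xfo})"
    else:
        results["clickjacking"] = "MISSING"

    # CSP: reject wildcard default-src and inline/eval script sources.
    if csp is None:
        results["content-security-policy"] = "MISSING"
    else:
        d = parse_csp(csp)
        problems = []
        if "*" in d.get("default-src", []):
            problems.append("default-src *")
        script_src = d.get("script-src", d.get("default-src", []))
        for bad in ("'unsafe-inline'", "'unsafe-eval'"):
            if bad in script_src:
                problems.append(f"script-src {bad}")
        results["content-security-policy"] = "OK" if not problems else "WEAK (" + ", ".join(problems) + ")"

    # Legacy header: absent or 0 is fine; any other value is reported, not failed.
    xss = h.get("x-xss-protection")
    if xss is None or xss.strip().startswith("0"):
        results["x-xss-protection"] = "OK (absent or 0; legacy header, CSP carries the defence)"
    else:
        results["x-xss-protection"] = f"INFO ({xss}; legacy filter header ignored by current browsers)"
    return results


if __name__ == "__main__":
    for check, verdict in check_headers(SAMPLE_RESPONSE).items():
        print(f"{check:<28} {verdict}")
```

Pipe a real capture in with `curl -sI https://target.example.com | python3 check_headers.py` after swapping `SAMPLE_RESPONSE` for `sys.stdin.read()`; the parser already ignores the status line and any non-header output.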
```yaml
# Test authentication
tests:
  - name: "Authentication Bypass"
    steps:
      - Access protected resource without auth
      - Verify 401/403 response
      - Access with valid auth
      - Verify 200 response

  - name: "Session Management"
    steps:
      - Login and capture session token
      - Logout
      - Attempt to use old session
      - Verify session invalidated

  - name: "Input Validation"
    steps:
      - Submit XSS payload in all inputs
      - Submit SQL injection in all inputs
      - Verify proper sanitization
```
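The first two test cases above are mechanical enough to script. The code below is an added example (not from this skill) that encodes the Authentication Bypass and Session Management steps as checks against a generic `fetch(method, path, headers, body) -> (status, headers)` callable, so the same checks can be wrapped around any HTTP client. Two constructed in-memory apps stand in for a target: one invalidates the token on logout, the other forgets to, and the suite reports exactly which step failed. The `/login`, `/logout` and `/account` paths, the bearer-token scheme and the `Set-Token` header are assumptions of the fake app.

```python
"""Authentication-bypass and session-invalidation checks from the test plan.

Added example, not from the skill. Checks run against any
fetch(method, path, headers=None, body=None) -> (status, headers) callable.
FakeApp is a constructed stand-in; its paths and token scheme are assumptions.
"""
import secrets

CREDS = ("testuser", "password123")  # constructed test account


class FakeApp:
    """POST /login issues a bearer token, GET /account requires one, POST /logout ends it."""

    def __init__(self, invalidate_on_logout=True):
        self.sessions = set()
        self.invalidate_on_logout = invalidate_on_logout  # False models the session bug

    def _token(self, headers):
        auth = headers.get("Authorization", "")
        return auth[len("Bearer "):] if auth.startswith("Bearer ") else None

    def fetch(self, method, path, headers=None, body=None):
        headers = headers or {}
        if method == "POST" and path == "/login":
            if body == {"username": CREDS[0], "password": CREDS[1]}:
                tok = secrets.token_hex(16)
                self.sessions.add(tok)
                return 200, {"Set-Token": tok}
            return 401, {}
        if method == "POST" and path == "/logout":
            if self.invalidate_on_logout:
                self.sessions.discard(self._token(headers))
            return 204, {}
        if method == "GET" and path == "/account":
            return (200, {}) if self._token(headers) in self.sessions else (401, {})
        return 404, {}


def login(fetch, username, password):
    """Return the session token on success, None on a rejected login."""
    status, hdrs = fetch("POST", "/login", body={"username": username, "password": password})
    return hdrs.get("Set-Token") if status == 200 else None


def check_auth_bypass(fetch, protected="/account", creds=CREDS):
    """Authentication Bypass: no auth -> 401/403, bad creds rejected, valid auth -> 200."""
    failures = []
    status, _ = fetch("GET", protected)
    if status not in (401, 403):
        failures.append(f"unauthenticated GET {protected} returned {status}, expected 401/403")
    if login(fetch, creds[0], "wrong-password") is not None:
        failures.append("login succeeded with an invalid password")
    tok = login(fetch, *creds)
    if tok is None:
        failures.append("login with valid credentials failed")
        return failures
    status, _ = fetch("GET", protected, {"Authorization": f"Bearer {tok}"})
    if status != 200:
        failures.append(f"authenticated GET {protected} returned {status}, expected 200")
    return failures


def check_session_invalidation(fetch, protected="/account", creds=CREDS):
    """Session Management: a token must stop working after logout."""
    failures = []
    tok = login(fetch, *creds)
    if tok is None:
        return ["login with valid credentials failed"]
    auth = {"Authorization": f"Bearer {tok}"}
    fetch("POST", "/logout", auth)
    status, _ = fetch("GET", protected, auth)
    if status == 200:
        failures.append("old session token still accepted after logout")
    return failures


def run_suite(fetch):
    """Map each test-plan case name to its list of failures (empty list = pass)."""
    return {
        "Authentication Bypass": check_auth_bypass(fetch),
        "Session Management": check_session_invalidation(fetch),
    }


if __name__ == "__main__":
    for label, app in (("correct app", FakeApp()), ("no-invalidate app", FakeApp(False))):
        print(label, run_suite(app.fetch))
```

To run the same checks against a real target, pass a `fetch` that wraps `requests.request` and returns `(response.status_code, response.headers)`, and adapt `login` to however that application hands out its session (cookie, header or JSON body).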
- Problem: Scanner reports non-vulnerabilities. Solution: Configure the scan policy and review findings manually.
- Problem: Cannot scan authenticated areas. Solution: Configure an authentication context or use session tokens.
- Problem: Scanner misses endpoints. Solution: Import API specs, improve spidering, use authenticated scanning.