owasp zap how to check vulnerabilities of post request

Question

I have to check if my endpoint REST POST have or not some vulnerabilities.

I'm using owasp zap for the first time.

If I try to check my endpoint that is a REST POST just inserting the url in the form on owasp zap, it gives me an error 405.

So how can I check this kind of request?

Thanks

Simon Bennetts Simon Bennetts · Accepted Answer · 2020-03-02T09:34:15

The ZAP Quick Scan is just that, a quick scan :) You have various options:

If you have an Swagger / OpenAPI definition then import that: https://www.zaproxy.org/docs/desktop/addons/openapi-support/
If you have any API tests then you can proxy those via ZAP
Otherwise you can send any requests you like via the Manual Request Editor: https://www.zaproxy.org/docs/desktop/ui/dialogs/man_req/

To learn more about ZAP have a look at the Getting Started Guide: https://www.zaproxy.org/getting-started/