Posts for: #Lab

Running ZAP Against Juice Shop - Here Is What It Found

It has been a while since I posted something. I have been pretty busy with my day to day. I am reworking my lab and some other projects. I was thinking about what to post, and since in my last post I deployed a small application security lab on Kubernetes, I thought it would be cool to run one of the tools I had deployed. I chose OWASP ZAP. ZAP is a DAST tool, which means it tests the application while it is actually running. Think of it as a robot that pokes at your app from the outside looking for weaknesses.

[Read more]

Deploying a simple application security lab

I have been looking for the opportunity to document the deployment of a small application security lab that I created last year in my home. I want to be able to run SAST, SCA and other application tools, to see how they behave and how they work with the CI/CD. I will be using Kubernetes for this project. The rationale is that Kubernetes allows IaC to deploy these containers, which makes the deployment a lot easier and simpler than having to deploy it on a host, dealing with dependencies and other “FUN” configurations. I will add detailed configuration steps later on how everything connects.

[Read more]