DAST active scanning
Problem to solve
Right now DAST only performs passive scanning. Active scanning would possibly detect more security issues.
Further details
DAST is built on top of the Python script ZAP Baseline, which only performs passive scanning. Active scanning would go further and possibly detect injection vulnerabilities and others.
Active scanning can't be performed on a production environment since it puts the application under attack. But there is no such risk when scanning a test instance of the application.
Proposal
Add an option so that users can switch between passive + active scanning and passive scanning only.
Enable active scanning by default.
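A sketch of how such a switch could look in the job's entrypoint, added here as an example and not taken from the DAST code base. The variable names DAST_TARGET_URL, DAST_SCAN_MODE and DAST_ENVIRONMENT are hypothetical; zap-baseline.py and zap-full-scan.py are the packaged scan scripts shipped in the ZAP Docker images.

```shell
#!/bin/sh
# Added example: pick the ZAP packaged scan for a DAST job.
# DAST_TARGET_URL, DAST_SCAN_MODE and DAST_ENVIRONMENT are hypothetical names.

# Print the ZAP script to run, or fail with a reason on stderr.
#   $1 = target URL
#   $2 = scan mode: active (default) or passive
#   $3 = environment label of the target (empty means a test instance)
zap_scan_script() {
    target=$1
    mode=${2:-active}
    env_name=${3:-test}

    case $target in
        http://*|https://*) ;;
        *) echo "error: target must be an http(s) URL" >&2; return 2 ;;
    esac

    case $mode in
        passive)
            # Spider plus passive rules only: no attack traffic is sent.
            echo "zap-baseline.py"
            ;;
        active)
            # The active scan attacks the target, so refuse production.
            case $env_name in
                prod|production)
                    echo "error: active scan refused for '$env_name'" >&2
                    return 3
                    ;;
            esac
            # Spider, passive rules, then the active scan.
            echo "zap-full-scan.py"
            ;;
        *)
            echo "error: unknown scan mode '$mode'" >&2
            return 2
            ;;
    esac
}

# Only run a scan when a target is configured, so the file can be sourced.
if [ -n "${DAST_TARGET_URL:-}" ]; then
    script=$(zap_scan_script "$DAST_TARGET_URL" \
        "${DAST_SCAN_MODE:-}" "${DAST_ENVIRONMENT:-}") || exit $?
    "$script" -t "$DAST_TARGET_URL"
fi
```

With no mode set the function selects the active scan, matching the proposed default, and a target labelled as production can only be scanned passively.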
What does success look like, and how can we measure that?
DAST should successfully detect some kind of injection vulnerability that can't be detected otherwise.
Links / references
https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAscan