From securityonline.info
URLs and Roles are managed as YAML-based templates, which authz0 can create and extend automatically. Once a template file has been generated, you can reuse it to test against multiple authentication headers and cookies.
- Generate scan template: $ authz0 new
- Include URLs
- Include Roles
- Include ZAP history (Select URLs > Save Selected Entries as HAR)
- Include Burp history (Select URLs > Save item)
- Include HAR file
- Easily modify the scan template (Role, URL): $ authz0 setUrl, $ authz0 setRole, $ authz0 setCred
- Scan authorization (access control) with the template: $ authz0 scan