authz0: automated authorization test tool

From securityonline.info

URLs and roles are managed as YAML-based templates, which authz0 can create and extend automatically. Once a template file has been created or generated, you can reuse it to test with multiple authentication headers and cookies.

  • Generate a scan template: $ authz0 new
    • Include URLs
    • Include roles
    • Include ZAP history (Select URLs > Save Selected Entries as HAR)
    • Include Burp history (Select URLs > Save item)
    • Include HAR file
  • Easily modify the scan template (role, URL): $ authz0 setUrl, $ authz0 setRole, $ authz0 setCred
  • Scan authorization (access control) with the template: $ authz0 scan
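
The role-by-URL comparison behind a template-driven authorization test can be sketched as below. This is an added example, not authz0's code or its YAML template format: the policy, role names, URLs and observed status codes are constructed, and treating only 2xx as "access granted" is an assumption.

```python
# Added illustration: not authz0 code and not its YAML template schema.
from dataclasses import dataclass
from typing import Optional

ROLES = ["anonymous", "user", "admin"]  # hypothetical role names

# Constructed policy: roles that SHOULD be able to reach each (method, URL).
POLICY = {
    ("GET", "/api/profile"): {"user", "admin"},
    ("GET", "/api/admin/users"): {"admin"},
    ("DELETE", "/api/admin/users/7"): {"admin"},
    ("GET", "/health"): {"anonymous", "user", "admin"},
}

# Constructed results: status code seen when each request was replayed
# with each role's credentials (headers or cookies).
OBSERVED = {
    ("GET", "/api/profile"): {"anonymous": 401, "user": 200, "admin": 200},
    ("GET", "/api/admin/users"): {"anonymous": 302, "user": 403, "admin": 200},
    ("DELETE", "/api/admin/users/7"): {"anonymous": 401, "user": 204, "admin": 204},
    ("GET", "/health"): {"anonymous": 200, "user": 200},  # admin never replayed
}

@dataclass(frozen=True)
class Finding:
    kind: str  # "unexpected-allow", "unexpected-deny" or "not-tested"
    role: str
    method: str
    url: str
    status: Optional[int]

def evaluate(policy, roles, observed):
    """Compare observed access per role with the policy; return mismatches."""
    findings = []
    for (method, url), allowed in sorted(policy.items()):
        for role in roles:
            status = observed.get((method, url), {}).get(role)
            if status is None:  # coverage gap: this role/URL pair was not exercised
                findings.append(Finding("not-tested", role, method, url, None))
                continue
            granted = 200 <= status < 300  # assumption: only 2xx means access
            if granted and role not in allowed:
                findings.append(Finding("unexpected-allow", role, method, url, status))
            elif not granted and role in allowed:
                findings.append(Finding("unexpected-deny", role, method, url, status))
    return findings

if __name__ == "__main__":
    for f in evaluate(POLICY, ROLES, OBSERVED):
        print(f"{f.kind:17} {f.role:10} {f.method:7} {f.url} -> {f.status}")
```

The "not-tested" findings matter as much as the mismatches: a role/URL pair that was never replayed says nothing about whether the control holds.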
