@@ -675,45 +675,45 @@ ZAP Setup
675675
676676- Install & open ZAP
677677
678- - From the popup, select `` No, I do not want to persis this session at this
679- moment in time `` and click `` Start ``
678+ - From the popup, select the * No, I do not want to persis this session at this
679+ moment in time * option and click * Start *
680680
681- - From the menu, select `` Edit `` -> `` ZAP Mode `` -> `` Standard Mode `` (This
682- should be the default option)
681+ - From the menu, select * Edit * -> * ZAP Mode * -> * Standard Mode * (This should be
682+ the default option)
683683
684- - From the menu, select `` Tools `` -> `` Options `` :
684+ - From the menu, select * Tools * -> * Options * :
685685
686- - -> `` Network `` -> `` Rate Limit `` , add and enable a 3 request per second rule
687- for the match string ``anvilprod.org ``, and another rule for the match
688- string ``humancellatlas.org ``. This is required to prevent the scans from
689- exceeding the WAF rate limits for the Azul APIs, and being temporarily
690- blocked by the wAF .
686+ - * Network * -> * Rate Limit * , add and enable a 3 request per second rule for
687+ the match string ``anvilprod.org ``, and another rule for the match string
688+ ``humancellatlas.org ``. This is required to prevent the scans from exceeding
689+ the WAF rate limits for the Azul APIs, and being temporarily blocked by the
690+ WAF .
691691
692- - -> `` Check for Updates `` :
692+ - * Check for Updates * :
693693
694- - Check for updates on startup: Checked
694+ - Check the * Check for updates on startup* option
695695
696- - Check for updates to the add-ons you have installed: Checked
696+ - Check the * Check for updates to the add-ons you have installed* option
697697
698698Running an authenticated scan
699699"""""""""""""""""""""""""""""
700700
701701The process for running an authenticated scan is to first obtain an Azul
702- authentication token, and launch the ZAP application with the token set as
703- an environment variable. See
704- https://www.zaproxy.org/docs/getting-further/authentication/handling-auth-yourself/
702+ authentication token, and launch the ZAP application with the token set as an
703+ environment variable. See the ` ZAP documentation
704+ < https://www.zaproxy.org/docs/getting-further/authentication/handling-auth-yourself/> `_
705705for more information.
706706
707707- To get an authorization token from Azul:
708708
709709 - Open the Swagger UI for the appropriate (HCA or AnVIL) Azul service
710710
711- - Click `` Authorize `` and complete the authorization
711+ - Click * Authorize * and complete the authorization
712712
713713 - Using the Swagger UI, excecute an enpoint such as ``/index/catalogs ``
714714
715715 - Note the example ``curl `` command, and copy the token from the
716- ``Authorization `` header (e.g. "Bearer ya29.a0…")
716+ ``Authorization `` header option (e.g. "Bearer ya29.a0…")
717717
718718- To set the envinroment variable and launch ZAP from the command line, open a
719719 terminal and run:
@@ -733,30 +733,31 @@ With the ZAP application open, you must start a new session prior to running a
733733new scan. Failure to do so can pollute the scan results with the findings from
734734the previous scan.
735735
736- If you are promopted to with options to persist the ZAP session, select `` No, I
737- do not want to persist this session `` and click `` Start ``. You may now continue
738- with the scan of your choice.
736+ If you are promopted with options to persist the ZAP session, select the * No, I
737+ do not want to persis this session at this moment in time * option and click
738+ * Start *. You may now continue with the scan of your choice.
739739
740740Running a Portal / Browser scan
741741"""""""""""""""""""""""""""""""
742742
743- - From the `` Quick Start `` tab, click `` Automated Scan ``
743+ - From the * Quick Start * tab, click * Automated Scan *
744744
745- - URL to attack: https://anvilproject.org/
745+ - Enter the desired URL (e.g. https://anvilproject.org/) in the *URL to
746+ attack * field
746747
747- - Use traditional spider: Checked
748+ - Check the * Use traditional spider * option
748749
749- - Use ajax spider: If modern
750+ - Select * If modern * from the * Use ajax spider * option
750751
751- - With: Firefox Headless
752+ - Select * Firefox Headless * from the * With * option
752753
753- - Click `` Attack ``
754+ - Click * Attack *
754755
755756- Wait until all the scans (Ajax spider, passive scans, etc.) have completed. In
756757 practice, this can take up to four hours depending on the target URL. Note
757758 that you will not recieve a notification when the scans have completed,
758- however you can see the `` Current Status `` in the ZAP window footer, and
759- proceed when all scan counts report ``0 ``.
759+ instead, take note of the * Current Status * values in the ZAP window footer.
760+ Proceed when all scan counts show ``0 ``.
760761
761762- Generate a report (see section below)
762763
@@ -765,32 +766,34 @@ Running an Azul Indexer / Service API scan
765766
766767In order to run an API scan you must first import the OpenAPI definition.
767768
768- - From the menu, select `` Import `` -> `` Import an OpenAPI Definition ``
769+ - From the menu, select * Import * -> * Import an OpenAPI Definition *
769770
770- - URL: https://service.explore.anvilproject.org/openapi.json
771+ - Enter the URL of the OpenAPI definition (e.g.
772+ https://service.explore.anvilproject.org/openapi.json) in the *URL * field
771773
772- - Click " Import"
774+ - Click * Import *
773775
774- After importing the OpenAPI definitions , you may now follow the instructions
776+ After importing the OpenAPI definition , you may now follow the instructions
775777above for running an ``Automated Scan ``. When entering the URL to attack, use
776778the base URL of the Azul indexer or service with no additional path components
777779(e.g. https://service.explore.anvilproject.org/).
778780
779781Generating a ZAP Report
780782"""""""""""""""""""""""
781783
782- After a scan has completed, you can save a PDF export of the scan results with
783- the `` Generate Report `` action .
784+ After a scan has completed, use the following steps to save a PDF export of the
785+ scan results .
784786
785- - From the menu, select `` Report `` -> `` Generate Report ``
787+ - From the menu, select * Report * -> * Generate Report *
786788
787- - Template: Traditional PDF Report
789+ - Select * Traditional PDF Report * from the * Template * option
788790
789- - Report Title: (Use a format such as "AnVIL Data Portal")
791+ - Enter a value such as "AnVIL Data Portal" in the * Report Title * field
790792
791- - Report Name: (Use a format such as "2025-01-01-anvil-data-portal.pdf")
793+ - Enter a value such as "2025-01-01-anvil-data-portal.pdf" in the *Report
794+ Name * field
792795
793- - Click " Generate Report"
796+ - Click * Generate Report *
794797
795798
796799Troubleshooting
0 commit comments