GSoC/GCI Archive
Google Summer of Code 2014 OWASP Foundation

Advanced access control testing and user access comparison

by Cosmin Stefan for OWASP Foundation

OWASP ZAP already allows users to configure authentication methods, session management methods and Users for a web application in order to automate the authentication/re-authentication process during scans. This project aims to enhance ZAP’s capabilities by adding a set of access control testing features and tools.