Continuous penetration tests with predefined attacker datasets based on the Open Worldwide Application Security Project (OWASP) Top Ten web application security risks and the Zed Attack Proxy (ZAP).
From a technical perspective, ZAProxy is used as an HTTP(S) proxy, positioned between Botium and your chatbot endpoint. This setup is only meaningful if you are hosting your own HTTP(S) endpoint. It is not suitable for continuous security testing of hosted third-party endpoints, such as IBM Watson or Google Dialogflow.
These technologies use different HTTP(S) proxy settings than those linked by Botium. Moreover, the major SaaS providers already have minimal security vulnerabilities. Even if there is a vulnerability, Botium and ZAProxy are not the right tools to detect it.
Steps: