Finding OWASP ZAP Count

[POST] /qps/rest/3.0/count/was/owaspzapfinding

Returns the count of OWASP ZAP findings for a selected criteria.

Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access”. WAS Permissions "Access OWASP ZAP Report". The count includes web applications in the user's scope.

Input ParametersInput Parameters

These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.

Click here for available operators

Parameter

Mandatory

/Optional

Data Type

Description

id

Optional

integer

ID of the finding.

uniqueId

Optional

value

The 36-bit unique id assigned to the finding.

For example:   

<Finding>
   <id>132990</id>
   <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
...

name

Optional

text

Name of the detection finding.

alertRef

Optional

string

Reference of OWASP ZAP alert.

webApp.id

Optional

integer

ID of the web application on which the finding was detected.

webApp.name

Optional

string

Name of the web application on which the finding was detected.

webApp.tags

Optional

integer

The tags associated with the web application being scanned. Note: This parameter supports operator="NONE".

webApp.tags.id

Optional

integer

The tag ID assigned to web application being scanned.

webApp.tags.name

Optional

string

Name of the tag associated with the web application on which the finding was detected.

Sample - Get count of findings with a criteriaSample - Get count of findings with a criteria

API request

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "<qualys_base_url>/qps/rest/3.0/count/was/owaspzapfinding" < file.xml      
    

Request POST data

<ServiceRequest>
    <filters>
        <Criteria field="id" operator="EQUALS">1002</Criteria>
    </filters>
</ServiceRequest>      
    

XML Response

<?xml version="1.0" encoding="UTF-8"?>
 <ServiceResponsexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:noNamespaceSchemaLocation="<qualys_base_url>qps/xsd/3.0/was/ow aspzapfinding.xsd">
        <responseCode>SUCCESS</responseCode>
        <count>1</count>
 </ServiceResponse>      
    

XSD

<platform API server>/qps/xsd/3.0/was/owaspzapfinding.xsd