BOAST
BOAST is a server built to receive and report Out-of-Band Application Security Testing interactions.
BOAST features DNS, HTTP, and HTTPS protocol receivers with support for multiple simultaneous ports for each
receiver.
Requests made to BOAST by the target web application can be viewed in the OAST Callbacks
Tab in the ZAP GUI.
Scripts
If the Script Console and the GraalVM JavaScript add-ons are installed, a new script called
"OAST Get BOAST Servers.js" is added to ZAP. This script prints all the available information related to the registered
BOAST servers. The primary purpose of this script is to demonstrate how to interact with BOAST from a script. This will
enable you to write other scripts that make use of BOAST payloads and canary values to perform out-of-band attacks.
See also