Difference Generator
The Attack Surface Difference Generator is a feature built into the OWASP ZAP plugin that lets the user point the Attack Surface Detector at two separate versions of the same application to gain better insight into the changes made between versions. The Attack Surface Detector discovers the application's endpoints and parameters for both versions and passes the discovered data to the Difference Generator, which then compares the two data sets. The Difference Generator highlights changes to parameters, indicating whether they are new, modified, or deleted. It also highlights new and modified endpoints and makes requests to the application server based on this information.
To configure the Difference Generator, follow the standard Attack Surface Detector configuration steps and also select a comparison code base or JSON endpoint output in the Configuration tab.
Results will be displayed in the Attack Surface Detector Results tab in the endpoints table, and the ZAP Site Map.
Endpoints in the table are marked as new or modified in the rightmost column. Double-clicking any of these endpoints displays the endpoint details below the table and shows the parameter/endpoint differences.
Requests made based on the discovery process will be displayed in the ZAP Site Map.
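The comparison described above can be sketched as follows. This is an added example, not the plugin's own code: the JSON layout (`method`, `path`, `params` mapping name to type), the sample data, and the rule that "modified" means a parameter's type changed are all assumptions made for illustration.

```python
import json

# Constructed sample inventories in a hypothetical, simplified schema
# (not the Attack Surface Detector's real JSON endpoint output).
OLD_JSON = """[
  {"method": "GET",  "path": "/account", "params": {"id": "int"}},
  {"method": "POST", "path": "/login",   "params": {"user": "string", "pass": "string", "legacy": "string"}}
]"""
NEW_JSON = """[
  {"method": "GET",  "path": "/account", "params": {"id": "string"}},
  {"method": "POST", "path": "/login",   "params": {"user": "string", "pass": "string", "otp": "int"}},
  {"method": "POST", "path": "/admin/export", "params": {"format": "string"}}
]"""

def index(doc):
    """Key each endpoint by (method, path) so the two versions can be matched."""
    return {(e["method"].upper(), e["path"]): e.get("params", {}) for e in json.loads(doc)}

def diff_params(old, new):
    """Classify each parameter as new, deleted, or modified (assumed: type changed)."""
    changes = {}
    for name in sorted(old.keys() | new.keys()):
        if name not in old:
            changes[name] = "new"
        elif name not in new:
            changes[name] = "deleted"
        elif old[name] != new[name]:
            changes[name] = "modified"
    return changes

def diff_endpoints(old_doc, new_doc):
    """Return {(method, path): (status, param_changes)} for new or modified endpoints."""
    old, new = index(old_doc), index(new_doc)
    result = {}
    for key, params in new.items():
        if key not in old:
            # Every parameter of a brand-new endpoint is new attack surface.
            result[key] = ("new", {p: "new" for p in params})
        else:
            changes = diff_params(old[key], params)
            if changes:
                result[key] = ("modified", changes)
    return result

if __name__ == "__main__":
    for (method, path), (status, changes) in sorted(diff_endpoints(OLD_JSON, NEW_JSON).items()):
        print(f"{status:9} {method:5} {path}  {changes}")
```

Unchanged endpoints are omitted from the result, so the output is the list of places where review and testing effort for the new version should concentrate.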