Aikido's surface monitoring is built on top of OWASP ZAP. Aikido uses it to monitor your app's public attack surface by probing your domain names for weaknesses.
What is Surface Monitoring Scanning?
Surface monitoring, sometimes better known as Dynamic Application Security Testing (DAST), inspects all the externally facing components of your software, including the application programming interfaces (APIs), web pages, data transfer protocols, and other user-facing features.
Overview of checks performed
To see the checks performed by the Surface Monitoring Scanner, visit our repository checks overview page at: https://app.aikido.dev/repositories/surface_monitoring. Here, you'll find a detailed list of all the checks performed during the scan. Aikido only performs safe, non-destructive automated tests (e.g., no automated SQL injection attempts).
Enabling the Surface Monitoring Scanner
Navigate to the domains settings.
In the configuration form, fill in the domain name for each repository that has a public-facing domain.
Once you've completed the form, simply start a scan for your repository. The Surface Monitoring Scanner will then get to work, scanning your software surface for any signs of potential threats and reporting the issues in your feed.