Reputation: 45
zap proxy how to exlude response from alert tab
I'd like to know how to exclude certain responses from the alert tab? If there is a way. Can't find any.
For example if the response page reports "character to number conversion error" I'd like to tell the zap attack proxy that this ain't a vulnerability but a correct response and therefore it shall not appear in the alert tab.
Upvotes: 1
Views: 2925
Answers (1)
Reputation: 6186
Double click the alert, and then change the "Confidence" to "False positive", it will stay in the Alerts tab but not be included in reports. Or you can right click the alert and "Delete" it, but it can then be raised again by the active or passive scanner. That why we have the "False positive" setting. FYI we have a ZAP Users group which is probably more suitable for questions like this (as Stackoverflow is a general forum): http://groups.google.com/group/zaproxy-users That linked off the ZAP "Online / ZAP User Group" menu item, which is apparently invisible as no one seems to spot it ;)
Simon (ZAP Project lead)
Upvotes: 2
Related Questions
- Get report from OWASP Zap session
- How to login and scan with OWASP Zap
- How to capture HTTP request in OWASP ZAP
- How to working Owasp ZAP on web interface
- Unable to apply alert filter on alerts created in zap
- How to add ZAP alert through ZAP python api?
- zaproxy - API scan with request header
- Can I access to Alerts Object of OWASP ZAP?
- Can we single out an alert say "Web Browser XSS Protection Not Enabled" and rerun in ZAP Proxy
- OWASP Zap alert names