undetected Selenium

Reputation: 193388

Types of scans performed by OWASPZAP

I have started working with OWASP ZAP (manual scans), and so far the learning and simultaneous execution have been exciting.

I did a Passive Scan on our application and found 3 alerts; I have interpreted the Description / OtherInfo / Solution / Reference, which are as follows:

My questions are:

Note: Of course the question directly involves tools (e.g. OWASP ZAP) used primarily for programming.

Upvotes: 0

Views: 1297

Answers (1)

kingthorin

Reputation: 1545

There's a wiki page that covers "ZAPping the top 10"

There are a number of help pages available with descriptions of the various scan rules or plugins: Active Scan:

Passive Scan:

You can create a Standalone script to run within ZAP to get the details of Active Scanners: https://github.com/zaproxy/community-scripts/blob/master/standalone/Active%20scan%20rule%20list.js. Using a weekly release (newer than early March 2018) or the next stable release (2.8.0 or whatever) you'll be able to do something similar for passive scan rules leveraging ExtensionPassiveScan.getPluginPassiveScanners()

Creating Active Scan Policy(ies) can be done via the Scan Policy Manager Dialog. Active Scan policies can be saved, exported, and imported.
Enabling/disabling Passive Scan rules can be done via the Options Passive Scan Rules screen. (A Passive Scan "policy" can be established programmatically as discussed here -> https://stackoverflow.com/a/51288461/7718222)

Upvotes: 1
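The answer above describes two things that can be driven programmatically: listing the active and passive scan rules ZAP knows about, and turning rules on or off (and adjusting their alert thresholds) to form a policy. The following is an added example, not kingthorin's code and not part of the ZAP project: it works offline on two hand-constructed dicts shaped like the responses of ZAP's `ascan/view/scanners` and `pscan/view/scanners` API views, computes the difference between the current rule state and a desired policy, and translates that difference into the ZAP API calls (`enableScanners`, `disableScanners`, `setScannerAlertThreshold`) needed to apply it. The response field names (`id`, `name`, `enabled`, `alertThreshold`, `attackStrength`) and API parameter names (`ids`, `id`, `alertThreshold`) are written from memory of ZAP's API and should be checked against the API UI of the ZAP version you run; the rule IDs and names in the samples are hand-written for illustration.

```python
"""Plan scan-rule policy changes from the scanner lists ZAP's API exposes.

Offline example: SAMPLE_ACTIVE and SAMPLE_PASSIVE are constructed by hand in the
shape of ZAP's /JSON/ascan/view/scanners/ and /JSON/pscan/view/scanners/ views.
Against a live ZAP you would replace them with the JSON from those endpoints,
and send the returned (endpoint, params) pairs to /JSON/<endpoint>/ with your
API key. Field and parameter names are assumed from the ZAP API; verify them.
"""
from typing import Dict, List, Tuple

# Constructed sample shaped like ZAP's ascan/view/scanners response.
SAMPLE_ACTIVE = {"scanners": [
    {"id": "40012", "name": "Cross Site Scripting (Reflected)", "enabled": "true",
     "alertThreshold": "DEFAULT", "attackStrength": "DEFAULT"},
    {"id": "40018", "name": "SQL Injection", "enabled": "true",
     "alertThreshold": "MEDIUM", "attackStrength": "DEFAULT"},
    {"id": "90019", "name": "Server Side Code Injection", "enabled": "false",
     "alertThreshold": "DEFAULT", "attackStrength": "LOW"},
]}

# Constructed sample shaped like ZAP's pscan/view/scanners response.
SAMPLE_PASSIVE = {"scanners": [
    {"id": "10021", "name": "X-Content-Type-Options Header Missing",
     "enabled": "true", "alertThreshold": "DEFAULT"},
    {"id": "10038", "name": "Content Security Policy (CSP) Header Not Set",
     "enabled": "false", "alertThreshold": "DEFAULT"},
]}

RuleState = Dict[str, Dict[str, object]]


def index_rules(view: dict) -> RuleState:
    """Map rule id -> {name, enabled, threshold}.

    ZAP's API returns booleans as the strings "true"/"false", so the value is
    normalised to a real bool here rather than compared as text later.
    """
    return {
        r["id"]: {"name": r["name"],
                  "enabled": r["enabled"] == "true",
                  "threshold": r["alertThreshold"]}
        for r in view["scanners"]
    }


def plan_policy(current: RuleState, desired: Dict[str, dict]) -> dict:
    """Compute the changes needed to move `current` to `desired`.

    desired: {rule_id: {"enabled": bool, "threshold": "LOW|MEDIUM|HIGH|DEFAULT|OFF"}}
    (threshold is optional). Ids not known to this ZAP are reported under
    "unknown" instead of being silently dropped, so a typo in a policy file
    does not leave a rule in an unexpected state.
    """
    plan = {"enable": [], "disable": [], "threshold": {}, "unknown": []}
    for rid, want in desired.items():
        have = current.get(rid)
        if have is None:
            plan["unknown"].append(rid)
            continue
        if want["enabled"] != have["enabled"]:
            plan["enable" if want["enabled"] else "disable"].append(rid)
        thr = want.get("threshold")
        if thr and thr != have["threshold"]:
            plan["threshold"][rid] = thr
    return plan


def to_api_calls(plan: dict, component: str) -> List[Tuple[str, dict]]:
    """Translate a plan into (endpoint, params) pairs for ZAP's API.

    component is "ascan" (active rules) or "pscan" (passive rules); both
    components expose enableScanners/disableScanners/setScannerAlertThreshold.
    """
    calls: List[Tuple[str, dict]] = []
    if plan["enable"]:
        calls.append((f"{component}/action/enableScanners",
                      {"ids": ",".join(plan["enable"])}))
    if plan["disable"]:
        calls.append((f"{component}/action/disableScanners",
                      {"ids": ",".join(plan["disable"])}))
    for rid, thr in plan["threshold"].items():
        calls.append((f"{component}/action/setScannerAlertThreshold",
                      {"id": rid, "alertThreshold": thr}))
    return calls


if __name__ == "__main__":
    # Example policy: enable the disabled passive CSP rule and raise the
    # SQL Injection threshold, then print the API calls that would apply it.
    active = index_rules(SAMPLE_ACTIVE)
    passive = index_rules(SAMPLE_PASSIVE)
    for comp, cur, want in (
        ("ascan", active, {"40018": {"enabled": True, "threshold": "HIGH"}}),
        ("pscan", passive, {"10038": {"enabled": True}}),
    ):
        for endpoint, params in to_api_calls(plan_policy(cur, want), comp):
            print(endpoint, params)
```

The plan is computed before any call is issued, so the same script can run in a dry-run mode that only prints the calls; that also makes it easy to keep a desired policy in version control and check a running ZAP against it.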
