Vineel Pellella
Reputation: 422
How to analyze OWASP ZAP scan results effectively
How to analyze OWASP ZAP scan results effectively
After a run, I am getting a lot of URL's which are not vulnerabilities. Is there anyway that we can analyze the reports easily.
Upvotes: 1
Views: 2442
Answers (2)
Mate Mrše
Reputation: 8394
I propose a strategy:
- Run the scan
- Take the highest severity finding
- Read about it and check with development/other team members is is an issue or not
- Continue with the next finding on the list
- Repeat steps 2-4
After that, you will be able to eliminate or address most of the findings, so in the next iteration, you can exclude the non-issues from the scan.
Upvotes: 0
Simon Bennetts
Reputation: 6186
The ZAP HTML report should only contain potential issues. If its including things that you think are not issues then you'll need to let us know what they are. Note that
Upvotes: 1
Related Questions
- OWASP ZAP: Active scanning manual explored Actions
- How to login and scan with OWASP Zap
- OWASP/ZAP dangling when trying to scan
- OWASP ZAP - Scan a list of url
- Run a active scan from OWASP ZAP through Ubuntu command line using Open API Definition
- Types of scans performed by OWASPZAP
- Passive Scan in OWASP ZAP Authentication
- OWASP ZAP - 2 beginner questions
- Passive Scan in OWASP ZAP
- Restrict ZAP scanner