Reputation: 21
I'm using OWASP ZAP to scan a web application. After scanning I can export the alerts I got as a PDF file. This PDF file includes only alerts. The question is: can I get a full list of all tests that passed and failed while scanning the app? I know I can use ZAP's API to get all the scan rules, but it's not really what I need. I need a report that shows all tests that passed and failed. Something like this:

| Test name | Passed / Failed |
|---|---|
| Test nr1 | Passed |
| Test nr2 | Failed |
Upvotes: 2
Views: 985
Reputation: 3659
There is no such thing as a passed test in OWASP ZAP (and actually in all other dynamic security testing tools). OWASP ZAP holds a set of attack vectors and puts them into different requests to the tested application. When it finds a vulnerability - good. It will be reported. If not - well, it does nothing. Having not found anything does not prove that there is no vulnerability. Simply, there is nothing to report.
Having said that, it is always a good idea to manually look over the history of generated requests yourself to see if the application does its job correctly. Also look at the URLs ZAP is accessing. Is it what you wanted to test? A common mistake that makes me cry is pentesting the login screen because you have not configured authentication correctly.
Upvotes: 3
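The closest thing to the asked-for table that ZAP's data actually supports is a per-rule summary: which scan rules were enabled, and which of them raised at least one alert. The script below is an added example, not code from the question, the answer or the ZAP project. It reads the `ascan/view/scanners` and `core/view/alerts` JSON views of the ZAP API (the URL, API key and target are assumptions to be replaced), and deliberately labels silent rules "No alert" rather than "Passed", for the reason the answer gives. The embedded sample data is constructed to mirror the shape of those API responses so the summary runs offline.

```python
"""Per-rule summary from OWASP ZAP API data.

Added example, not part of the original question or answer. It assumes a
ZAP instance at ZAP_URL with API key ZAP_API_KEY (both placeholders); the
sample JSON below is constructed to mirror the shape of ZAP's
/JSON/ascan/view/scanners/ and /JSON/core/view/alerts/ responses.
"""
import json
import urllib.parse
import urllib.request

ZAP_URL = "http://localhost:8080"  # assumption: ZAP's default listen address
ZAP_API_KEY = "change-me"          # assumption: placeholder API key


def zap_get(endpoint, **params):
    """GET a ZAP JSON API view, e.g. zap_get('ascan/view/scanners')."""
    params["apikey"] = ZAP_API_KEY
    url = f"{ZAP_URL}/JSON/{endpoint}/?" + urllib.parse.urlencode(params)
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def summarize_rules(scanners, alerts):
    """Map each active-scan rule to 'Alert raised', 'No alert' or 'Disabled'.

    'No alert' is the honest label: a rule that found nothing proves nothing
    about the application, so it is not reported as 'Passed'.
    """
    raised = {a["pluginId"] for a in alerts}   # rule ids that produced alerts
    rows = []
    for s in scanners:
        if s.get("enabled") != "true":         # ZAP returns booleans as strings
            status = "Disabled"
        elif s["id"] in raised:
            status = "Alert raised"
        else:
            status = "No alert"
        rows.append((s["id"], s["name"], status))
    return rows


def render_table(rows):
    """Render the summary rows as a Markdown table."""
    lines = ["| Rule id | Rule name | Result |", "|---|---|---|"]
    lines += [f"| {rid} | {name} | {status} |" for rid, name, status in rows]
    return "\n".join(lines)


def fetch_and_summarize(target):
    """Live variant: pull scanners and alerts for `target` from a running ZAP."""
    scanners = zap_get("ascan/view/scanners")["scanners"]
    alerts = zap_get("core/view/alerts", baseurl=target, start=0, count=10000)["alerts"]
    return summarize_rules(scanners, alerts)


# Constructed sample data: shape follows the ZAP API, values are illustrative.
SAMPLE_SCANNERS = [
    {"id": "40012", "name": "Cross Site Scripting (Reflected)", "enabled": "true"},
    {"id": "40018", "name": "SQL Injection", "enabled": "true"},
    {"id": "90020", "name": "Remote OS Command Injection", "enabled": "false"},
]
SAMPLE_ALERTS = [
    {"pluginId": "40012", "alert": "Cross Site Scripting (Reflected)",
     "risk": "High", "url": "http://example.test/search?q=x"},
]

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in
    # fetch_and_summarize("http://your-target") against a live ZAP.
    print(render_table(summarize_rules(SAMPLE_SCANNERS, SAMPLE_ALERTS)))
```

A "Disabled" row is worth checking as carefully as an "Alert raised" one: a rule that never ran because the scan policy excluded it is a gap in coverage, not a silent pass. Passive-scan rules have their own view (`pscan/view/scanners`) and can be summarized the same way.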