Tom Bola

Reputation: 115

OWASP ZAP: Active scanning manual explored Actions

I started with an automatic scan of my site under test. Then I explored it manually to test actions not found by the automatic scan. These actions are visible in the History tab.

I stored the session.

How can I re-run those manually added actions? I didn't find them as executed when running an active scan again.

Upvotes: 0

Views: 918

Answers (2)

Abhishek Surpur

Reputation: 21

Quite late to the party, but if someone still needs this, here is what you can do.

  1. Manually explore all the sites which ZAP couldn't detect using the spider.
  2. Save a session by clicking on "Snapshot session as".
  3. Reopen the same session and start scanning next time.

Upvotes: 0

Simon Bennetts

Reputation: 6234

You can explore your app in a variety of ways using ZAP:

  • Manual exploring - very effective but no good for automation
  • Traditional Spider - fast but doesn't handle modern apps which use JS
  • Ajax Spider - slower but handles modern apps
  • Proxying unit tests - good if you have them
  • Importing definitions such as OpenAPI, SOAP, GraphQL
  • Proxying a program/script which makes those requests for you

For more details see the videos tagged 'explore' on https://www.zaproxy.org/videos-list/

Upvotes: 1
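
The last option in the answer above (a script that makes the requests through ZAP), as an added example that is not part of either answer or of ZAP's own code: it rebuilds the manually explored requests from a HAR export and sends them through the ZAP proxy so ZAP records them again before an active scan. The proxy address, the `app.test` host, the HAR content and the function names are assumptions constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: ZAP's local proxy listens here (adjust to your ZAP proxy setting).
ZAP_PROXY = "http://127.0.0.1:8080"

# Constructed sample: a minimal HAR log of two manually explored actions.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "http://app.test/account?id=7",
                 "headers": [{"name": "Accept", "value": "text/html"}]}},
    {"request": {"method": "POST", "url": "http://app.test/cart/add",
                 "headers": [{"name": "Content-Type",
                              "value": "application/x-www-form-urlencoded"},
                             {"name": "Content-Length", "value": "13"}],
                 "postData": {"text": "item=42&qty=1"}}},
]}})

# Headers the HTTP client must compute itself; copying recorded values breaks the replay.
SKIP_HEADERS = {"host", "content-length", "connection", "accept-encoding"}

def build_requests(har_text, allowed_host):
    """Turn HAR entries into urllib Requests, keeping only the site under test."""
    out = []
    for entry in json.loads(har_text)["log"]["entries"]:
        rec = entry["request"]
        if urllib.parse.urlsplit(rec["url"]).hostname != allowed_host:
            continue  # stay in scope: never replay third-party requests
        body = rec.get("postData", {}).get("text")
        req = urllib.request.Request(rec["url"], method=rec["method"],
                                     data=body.encode() if body is not None else None)
        for h in rec.get("headers", []):
            if h["name"].lower() not in SKIP_HEADERS and not h["name"].startswith(":"):
                req.add_header(h["name"], h["value"])
        out.append(req)
    return out

def replay(requests, proxy=ZAP_PROXY):
    """Send each request through the ZAP proxy and return the response status codes."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    statuses = []
    for req in requests:
        try:
            with opener.open(req, timeout=10) as resp:
                statuses.append(resp.status)
        except urllib.error.HTTPError as err:
            statuses.append(err.code)  # 4xx/5xx still passed through the proxy
    return statuses
```

Call `replay(build_requests(har_text, "your-host"))` with ZAP running. For HTTPS targets the client also has to trust ZAP's root CA certificate.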
