Questions tagged [zap]

OWASP Zed Attack Proxy (ZAP)

https://www.owasp.org/index.php/ZAP

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. As an online community, OWASP produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.

548 questions
3 votes, 3 answers

OWASP Zap Exclude in Proxy everything but given URL

My question is pretty straightforward: I want to exclude from the proxy everything but these 2 URLs, I just want to see the traffic of 1 site. http://www.timetosa.com and https://www.timetosa.com This is the regex I have inserted in the Exclude from Proxy…
aDoN
3 votes, 2 answers

ZAP Authentication using API calls

I am using ZAP API calls to test a site from the command line. However, I have a problem with the user authentication even though I am following the correct steps. I still can't manage to pass the login page when spidering as a user. Below are the steps…
Janitha Tennakoon
2 votes, 1 answer

OWASP ZAP vulnerability diagnosis cannot be performed with services using Firebase

I use OWASP ZAP to diagnose vulnerabilities in my own web service. However, the web service function does not work properly via the ZAP proxy. When I checked the ZAP log, an error occurred in the communication of the following URL, and the status…
Lycopene
2 votes, 2 answers

zap-api-scan.py: How to limit the time / recursion / depth?

I have a command for zap-api-scan.py, but unlike zap-full-scan.py, there seems to be no way to limit these. via OWASP's official docker image: docker run -v $(pwd):/zap/wrk/:rw \ -t owasp/zap2docker-stable zap-api-scan.py \ -t…
tony
2 votes, 1 answer

ZAP Passive scan rules are part of scan even after disabling them

I am using ZAP docker image to perform API scans. I have disabled some passive scan rules in zap_started hook python script. Still, these are listed as part of the final report. Script to disable passive scan rules: pscan_id_list = [10003, 10015,…
Pradeep
2 votes, 1 answer

ZAP active scan works in desktop but fails in docker image with url_not_in_context error

I am able to scan my API using ZAP desktop, but it fails with a 'url_not_in_context' error in the active scan from the ZAP docker image. The context definition is exported from desktop and specified as an argument to zap-api-scan.py. I am using the zap2docker-stable image…
Pradeep
2 votes, 1 answer

Error in jenkins when inserting execute ZAP in Build step

I have the latest version of Jenkins and I have installed the OWASP ZAP plugin with the latest version, 2.10.0. I have an error when inserting Execute ZAP in the Build step. If I click save after having inserted it in the Build step, I get an error and in…
Arianna
2 votes, 0 answers

How to solve/fix DOM XSS issue reported by OWASP ZAP?

I am using OWASP ZAP to scan my web-application, developed using asp.net framework/C#. I am being tasked by company to ensure NO error reported by OWASP ZAP. The OWASP ZAP reported this log: Issue: Cross Site Scripting (DOM…
davidtj
2 votes, 1 answer

How to intercept and modify the response to a docker using owasp zap

I have a docker application running on my desktop and OWASP ZAP also running on my desktop. How would I configure OWASP ZAP so that any request going out will be intercepted and the response modified before it goes to the docker app?
kumar
2 votes, 2 answers

Header Based Authentication in Owasp zap

I am trying to implement an OWASP ZAP scan, but I am unable to find a script for header authentication. How do I add header authentication for the key/value pair, e.g. key = api-key, value = 123? docker run --rm -v…
2 votes, 1 answer

Owasp zap tool - How to get a list of passed and failed tests?

I'm using OWASP ZAP to scan a web application. After scanning I can export the alerts I got as a PDF file. This PDF file includes only Alerts. The question is: can I get a full list of all tests that passed and failed while scanning the app? I know I…
2 votes, 1 answer

ASP.NET MVC 5 Azure App ZAP Scan indicates Proxy Disclosure vulnerability - how can we prevent that?

The ZAP scan report indicates that 2 proxy servers were detected or fingerprinted. It says it did both a GET and POST method to our url with attacks of TRACE, OPTIONS with Max-Forwards header, and TRACK method. We had already removed unnecessary…
user1368182
2 votes, 2 answers

Usage of 'Host' Header in Web Requests

I am looking at the http-requests in BurpSuite. I see a field named as 'Host'. What is the importance of this field? What happens if I change this field and then send the request? If I change the host header field to some other IP then would the…
Bhuvesh Gupta
2 votes, 1 answer

Unable to apply alert filter on alerts created in zap

I integrated ZAP scans (by proxying e2e tests) in our CI pipelines. I'm checking alert filter plugin to flag false positives. Due to organisational requirements we are supposed to generate two zap html reports Report without suppressing false…
Dileep17
2 votes, 2 answers

How to capture HTTP request in OWASP ZAP

I need to scan some APIs that are only available over the HTTP protocol. Let's say I'm testing http://example.com; I ran the following commands: export http_proxy=localhost:8080 export https_proxy=localhost:8080 curl http://example.com Redirecting to…
Lawrence Ching