
OWASP Zap alert names

I am looking for documentation describing all possible alert names in ZAP. Web search is not bringing anything useful, but I am writing an automated test that will detect any injection vulnerabilities of a target. Currently, I have only detected 'Remote OS Command Injection', but I would like to know the exact spelling of other potential ones, e.g. SSI injection or XML External Entity. Many thanks.

Here you can find the list of all the rules that Zap loads, and those rules are what generate the alerts. You should have the rule id in the alert generated by Zap, so you can use that. Also, you can customize some rule thresholds for your needs - all documented on Zap's wiki.
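Matching on the rule id rather than the alert name, as the answer suggests, could look like the following in an automated test. This is an added example, not part of the original answer; it assumes the alerts arrive as JSON with a `pluginId` field (the shape returned by ZAP's alerts API view), and the sample data and the id-to-label mapping are constructed here and should be checked against the rule list of the ZAP release in use.

```python
import json
from collections import defaultdict

# Scan rule ids for injection-class rules, with labels used only for reporting.
# Assumption: these ids match the rule list of the ZAP release being run.
INJECTION_RULE_IDS = {
    "90020": "Remote OS Command Injection",
    "40009": "Server Side Include",
    "90023": "XML External Entity Attack",
    "40018": "SQL Injection",
}

# Constructed sample, shaped like an alerts response; not real scan output.
SAMPLE_ALERTS_JSON = """
{"alerts": [
  {"pluginId": "90020", "alert": "Remote OS Command Injection", "risk": "High",
   "url": "http://target.example/ping", "param": "host"},
  {"pluginId": "10021", "alert": "X-Content-Type-Options Header Missing",
   "risk": "Low", "url": "http://target.example/", "param": ""},
  {"pluginId": 40018, "alert": "SQL Injection", "risk": "High",
   "url": "http://target.example/item", "param": "id"},
  {"pluginId": "90020", "alert": "Remote OS Command Injection", "risk": "High",
   "url": "http://target.example/trace", "param": "addr"}
]}
"""


def injection_findings(alerts_json, rule_ids=INJECTION_RULE_IDS):
    """Group alerts by scan rule id, keeping only ids listed in rule_ids."""
    findings = defaultdict(list)
    for alert in json.loads(alerts_json).get("alerts", []):
        # The id may be serialised as a string or a number; compare as string.
        rule_id = str(alert.get("pluginId", "")).strip()
        if rule_id in rule_ids:
            findings[rule_id].append(
                (alert.get("url", ""), alert.get("param", ""))
            )
    return dict(findings)


if __name__ == "__main__":
    results = injection_findings(SAMPLE_ALERTS_JSON)
    for rule_id, hits in sorted(results.items()):
        print(rule_id, INJECTION_RULE_IDS[rule_id], hits)
```

A test can then fail the build when the returned dictionary is non-empty, independent of how a given ZAP version words the alert name.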
