
Can we single out an alert say “Web Browser XSS Protection Not Enabled” and rerun in ZAP Proxy

Context :

We used OWASP Zed Attack Proxy version 2.7.0 to run vulnerability tests against an application. We got a few alerts and are now working on resolving them.

Problem :

We wanted to single out an alert, say "Web Browser XSS Protection Not Enabled", and run the verification for just that one.

Solutions we are trying out :

One of the possibilities we are exploring is the mode of operation. We are now able to execute one of the modes of operation, like Standard, Attack, etc. Is there a way to customize the mode of operation and run a single alert?

Yes, you just need to enable the specific scan rule and disable all of the others. The easiest way to do this is to configure the scan policy in the desktop UI and then to export it. You can then use it for automated scans.

In this case the alert is a passive one. Have you checked out the baseline scan? https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan

We use this at Mozilla to sanity check 100s of sites every day. You can easily generate a config file and then change it using a text editor so that it only reports the issues you are interested in.
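The answer's second suggestion, generating a baseline config file and editing it so that only the rule you care about is reported, is easy to get wrong by hand when the generated file lists dozens of rules. The following is an added example (not part of the original question or answer, and not code from the ZAP project) that does the edit programmatically. It assumes the tab-separated config format that `zap-baseline.py -g <file>` writes, i.e. one rule per line as `<rule id><TAB><WARN|IGNORE|FAIL><TAB>(<rule name>)` with `#` comment lines, and the sample config embedded in it is a constructed fragment of such a file. Rule 10016 is the passive scan rule behind the "Web Browser XSS Protection Not Enabled" alert.

```python
"""Restrict a generated ZAP baseline scan config so only chosen rules are reported.

Added example, not from the original post or from the ZAP project. It assumes the
tab-separated config format written by `zap-baseline.py -g <file>`:
"<rule id>\t<WARN|IGNORE|FAIL>\t(<rule name>)", with '#' comment lines.
"""
import re

# Constructed sample: a fragment of what `zap-baseline.py -g gen.conf` produces.
SAMPLE_GENERATED_CONF = "\n".join([
    "# zap-baseline rule configuration file",
    "# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches",
    "# Only the rule identifiers are used - the names are just for info",
    "10010\tWARN\t(Cookie No HttpOnly Flag)",
    "10011\tWARN\t(Cookie Without Secure Flag)",
    "10015\tWARN\t(Incomplete or No Cache-control and Pragma HTTP Header Set)",
    "10016\tWARN\t(Web Browser XSS Protection Not Enabled)",
    "10017\tWARN\t(Cross-Domain JavaScript Source File Inclusion)",
    "10020\tWARN\t(X-Frame-Options Header Scanner)",
]) + "\n"

# One rule line: numeric id, action, optional trailing "(name)" column after a tab.
RULE_LINE = re.compile(r"^(\d+)\t(WARN|IGNORE|FAIL)(\t.*)?$")


def rule_actions(conf_text):
    """Map rule id -> action for every rule line in a config (comments skipped)."""
    actions = {}
    for line in conf_text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            actions[m.group(1)] = m.group(2)
    return actions


def restrict_rules(conf_text, keep, action="FAIL"):
    """Return a copy of conf_text in which only the rule ids in `keep` are active.

    Rules in `keep` get `action` (FAIL makes zap-baseline.py exit non-zero when the
    rule fires, which is what you want in a pipeline); every other rule is set to
    IGNORE. Comment and blank lines pass through unchanged and the trailing
    "(name)" column is preserved so the file stays readable.
    """
    if action not in ("WARN", "FAIL"):
        raise ValueError("action must be WARN or FAIL")
    keep = {str(k) for k in keep}
    missing = keep - set(rule_actions(conf_text))
    if missing:
        # A typo in the id would otherwise silently produce a scan that checks nothing.
        raise ValueError("rule ids not present in generated config: %s" % sorted(missing))
    out = []
    for line in conf_text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            rule_id, rest = m.group(1), m.group(3) or ""
            line = "%s\t%s%s" % (rule_id, action if rule_id in keep else "IGNORE", rest)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Typical flow around this script (docker image and flags as documented on the
    # baseline scan wiki page linked in the answer):
    #   docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable \
    #       zap-baseline.py -t https://www.example.com -g gen.conf
    #   python restrict_rules.py            # hypothetical file name; writes xss.conf
    #   docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable \
    #       zap-baseline.py -t https://www.example.com -c xss.conf
    xss_only = restrict_rules(SAMPLE_GENERATED_CONF, {"10016"})
    with open("xss.conf", "w") as fh:
        fh.write(xss_only)
    print(xss_only)
```

Because every other rule is set to IGNORE rather than deleted, the file still documents which checks were deliberately switched off, and the generated header comments explaining the WARN/IGNORE/FAIL semantics are kept for whoever reads it next.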
