
How to analyze OWASP ZAP scan results effectively


After a run, I am getting a lot of URLs which are not vulnerabilities. Is there any way that we can analyze the reports easily?

The ZAP HTML report should only contain potential issues. If it's including things that you think are not issues then you'll need to let us know what they are. Note that

I propose a strategy:

  1. Run the scan
  2. Take the highest severity finding
  3. Read about it and check with development/other team members whether it is an issue or not
  4. Continue with the next finding on the list
  5. Repeat steps 2-4

After that, you will be able to eliminate or address most of the findings, so in the next iteration, you can exclude the non-issues from the scan.
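As an added example (not from either answer above), the following Python script applies that strategy to a ZAP JSON report: it groups alerts by name, orders them highest risk first, lists the affected URLs, and skips alert names already reviewed and accepted as non-issues in an earlier iteration. The report layout used here (`site` -> `alerts` -> `instances`, string `riskcode` values) and the embedded sample report are assumptions, not taken from the page.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of a ZAP JSON report (assumed layout:
# "site" -> "alerts" -> "instances", with riskcode/confidence as strings).
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://app.example.test",
        "alerts": [
            {"name": "SQL Injection", "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "https://app.example.test/search?q=x",
                            "method": "GET", "param": "q"}]},
            {"name": "X-Content-Type-Options Header Missing", "riskcode": "1",
             "confidence": "2",
             "instances": [{"uri": "https://app.example.test/", "method": "GET"},
                           {"uri": "https://app.example.test/static/app.js",
                            "method": "GET"}]},
            {"name": "Cookie Without Secure Flag", "riskcode": "1", "confidence": "1",
             "instances": [{"uri": "https://app.example.test/login",
                            "method": "POST", "param": "sid"}]},
        ],
    }],
})

RISK_LABELS = {"3": "High", "2": "Medium", "1": "Low", "0": "Informational"}


def triage(report_text, accepted=()):
    """Group alerts by name, highest risk first; drop names already accepted as non-issues."""
    report = json.loads(report_text)
    grouped = defaultdict(lambda: {"risk": 0, "uris": set()})
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            name = alert["name"]
            if name in accepted:
                continue  # reviewed with the dev team earlier and classed as a non-issue
            entry = grouped[name]
            entry["risk"] = max(entry["risk"], int(alert.get("riskcode", 0)))
            entry["uris"].update(i["uri"] for i in alert.get("instances", []))
    # Highest severity first (step 2 of the strategy), then most affected URLs.
    ordered = sorted(grouped.items(),
                     key=lambda kv: (-kv[1]["risk"], -len(kv[1]["uris"]), kv[0]))
    return [(name, RISK_LABELS.get(str(v["risk"]), "?"), len(v["uris"]), sorted(v["uris"]))
            for name, v in ordered]


if __name__ == "__main__":
    for name, risk, count, uris in triage(SAMPLE_REPORT, accepted={"Cookie Without Secure Flag"}):
        print(f"[{risk}] {name} ({count} URL(s))")
        for uri in uris:
            print("   ", uri)
```

Feed it the real report (`zap.sh -cmd ... -quickout report.json` or the ZAP "Generate Report" dialog) and grow the `accepted` set as findings are confirmed to be non-issues.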
