Collaborate Disseminate
A Zap scan against an app detected the “Web Browser XSS Protection Not Enabled” vulnerability on sitemap and favicon. Would it be safe to ignore those URLs or does it mean that the app is vulnerable?
Here is the full output on favicon:
{… Continue reading Are files like favicon.ico, robots.txt, and sitemap.xml vulnerable to XSS?
I have a web application with a log in page.
In the log in page, I’ve set maxlength for the username input and the password input, which looks like the code below.
@Html.TextBoxFor(m => m.Username, new { @maxlength=”30″})
I downloaded a Zap addon here : https://drive.google.com/file/d/0BxnT8mQMY9e2aHBJT2hpOWhHV00/edit
Now I wanted to import it in my Owasp Zap but I get the following error :
It says : “cannot load specified addon : not before… Continue reading Cannot Import Zap AddOn in Owasp Zap latest version [closed]
I’m reading a book and it was cited an this blog article : https://zaproxy.blogspot.com/2017/04/exploring-apis-with-zap.html
The problem here is that an old plugin called SOAP Scanner is not available anymore. I was suppose t… Continue reading ZAP SOAP Scanner not available anymore
I’m trying to find SQL injection vulnerability in DVWA with OWASP ZAP. After some clicking through the page I have a small site map:
I ran Active scan, Spider and AJAX spider on the GET:sqli node. As you can see in the scr… Continue reading OWASP ZAP submit forms
I am trying to configure ZAP on an Android device using a hotspot connection opened on another Android device.
I followed the setup instructions available here: https://security.secure.force.com/security/tools/webapp/zapandroidsetup I als… Continue reading Unable to connect to internet after setting up ZAP configuration on Android using a hotspot connection
I am new to security testing and I’m confused about two web proxy tools, namely Burp and OWASP ZAP.
Both seem to fulfill the same task, so what exactly are the differences between them?
Continue reading What are the differences between Burp and OWASP ZAP?
Using OWSAP ZAP 2.8.0
On Ubuntu 19.04
With openjdk version 11.0.3 installed
When clicking the “Launch Browser” button on ZAP to launch the HUD enabled browser for ZAP, no browser is launched and an error is printed in the terminal (fu… Continue reading ZAP Proxy unable to launch browser invalid argument: can’t kill an exited process
This question already has an answer here:
Password shows as plaintext via burp suite interception for HTTPS request, is it an issue?
1 answer
… Continue reading UserName and Password information can be seen on https [duplicate]
I need to build an automated tool that will be able to login to any website supporting basic auth to perform an authenticated scan with OWASP Zap (credentials provided). Here is what I have in mind: using python requests libr… Continue reading Implementing generic login for Zap