zap – Page 8 – WindowsTechs.com

Cross Site Scripting on a Unique Key

Posted on August 20, 2018 by harrys

Is it possible to perform a cross-site scripting attack by entering my script into a field that is required to match a specific value?

I am scanning an application for vulnerabilities, and my scanning tool (OWASP ZAP) is ret… Continue reading Cross Site Scripting on a Unique Key→

Is there a way to find out what information website queries about us?

Posted on August 20, 2018 by Anton

What tool or software should I look for to find out what “fingerprinting” data
a website is tracking?

Like, I want to know, if website looks for a cache and/or fonts installed in system, or Canval, WebGL methods. There was… Continue reading Is there a way to find out what information website queries about us?→

OWASP ZAP: How to use TLS client certificate authentication?

Posted on August 17, 2018 by harrys

Is there a way to get OWASP ZAP to send a client certificate?

I have an HTTPS website that receives client certificates for authentication. I have the certificates installed in the browser. Previously, when I went to the web… Continue reading OWASP ZAP: How to use TLS client certificate authentication?→

False positive SQL Injection by ZAP with adding new parameter query

Posted on August 17, 2018 by Hima

I have a spring MVC web application and am running ZAP Active scan on it.

I noticed that ZAP will modify URL , and add additional parameter named query and value query+AND+1%3D1+–+ to test SQL Injection. And in my case, it raise HIGH ME… Continue reading False positive SQL Injection by ZAP with adding new parameter query→

OWASP ZAP Gateway timeout?

Posted on August 7, 2018 by OHMR

I’m trying to setup ZAP to run as a part of my build definition in TFS.

Whenever the build is running, I can see that the call is reaching ZAP and the spider will start scanning.

It seems to successfully grab a few director… Continue reading OWASP ZAP Gateway timeout?→

How to turn on redirection in OWASP ZAP’s fuzzer?

Posted on August 1, 2018 by Then008

While testing an application I realized that in ZAP when a request is fuzzed, the response of the fuzzed request doesn’t follow redirects. How do I alter this default behavior?

Continue reading How to turn on redirection in OWASP ZAP’s fuzzer?→

Highlighting Multiple Fields for Fuzzing

Posted on July 26, 2018 by john_zombie

Is there a way to highlight multiple form fields to fuzz in the request fields instead of having to manually highlight each field in OWASP zap?

Continue reading Highlighting Multiple Fields for Fuzzing→

Unable to use firefox as browser for ajax spider in OWASP ZAP 2.7.0

Posted on July 25, 2018 by skr

I tried using firefox as browser for ajax spider and I get the error message “Unable to start firefox. Is Firefox installed/enabled?”. I am also not able to use “Internet explorer” with ajax spider. The only browser that wor… Continue reading Unable to use firefox as browser for ajax spider in OWASP ZAP 2.7.0→

Tool that Scans and Fuzzes all form fields in a webapp

Posted on July 24, 2018 by john_zombie

I was wondering if there was a tool that can be automated in order to scan and fuzz all form fields in a web application when authenticated. I know of OWASP-zap but the problem is I have to manually fuzz all fields every time… Continue reading Tool that Scans and Fuzzes all form fields in a webapp→

How to redirect any response to an arbitrary location in OWASP ZAP’s request editor?

Posted on July 20, 2018 by Then008

I am trying to find stored XSS in an application. Luckily, the application allows me to insert and edit the description of myself that is displayed to anyone visiting my profile.

The location where I edit my description: http://example/e… Continue reading How to redirect any response to an arbitrary location in OWASP ZAP’s request editor?→