Collaborate Disseminate
Is it possible to perform a cross-site scripting attack by entering my script into a field that is required to match a specific value?
I am scanning an application for vulnerabilities, and my scanning tool (OWASP ZAP) is ret… Continue reading Cross Site Scripting on a Unique Key
What tool or software should I look for to find out what “fingerprinting” data
a website is tracking?
Like, I want to know, if website looks for a cache and/or fonts installed in system, or Canval, WebGL methods. There was… Continue reading Is there a way to find out what information website queries about us?
Is there a way to get OWASP ZAP to send a client certificate?
I have an HTTPS website that receives client certificates for authentication. I have the certificates installed in the browser. Previously, when I went to the web… Continue reading OWASP ZAP: How to use TLS client certificate authentication?
I have a spring MVC web application and am running ZAP Active scan on it.
I noticed that ZAP will modify URL , and add additional parameter named query and value query+AND+1%3D1+–+ to test SQL Injection. And in my case, it raise HIGH ME… Continue reading False positive SQL Injection by ZAP with adding new parameter query
I’m trying to setup ZAP to run as a part of my build definition in TFS.
Whenever the build is running, I can see that the call is reaching ZAP and the spider will start scanning.
It seems to successfully grab a few director… Continue reading OWASP ZAP Gateway timeout?
While testing an application I realized that in ZAP when a request is fuzzed, the response of the fuzzed request doesn’t follow redirects. How do I alter this default behavior?
Continue reading How to turn on redirection in OWASP ZAP’s fuzzer?
Is there a way to highlight multiple form fields to fuzz in the request fields instead of having to manually highlight each field in OWASP zap?
I tried using firefox as browser for ajax spider and I get the error message “Unable to start firefox. Is Firefox installed/enabled?”. I am also not able to use “Internet explorer” with ajax spider. The only browser that wor… Continue reading Unable to use firefox as browser for ajax spider in OWASP ZAP 2.7.0
I was wondering if there was a tool that can be automated in order to scan and fuzz all form fields in a web application when authenticated. I know of OWASP-zap but the problem is I have to manually fuzz all fields every time… Continue reading Tool that Scans and Fuzzes all form fields in a webapp
I am trying to find stored XSS in an application. Luckily, the application allows me to insert and edit the description of myself that is displayed to anyone visiting my profile.
The location where I edit my description: http://example/e… Continue reading How to redirect any response to an arbitrary location in OWASP ZAP’s request editor?