HelpAddonsAscanrulesAlphaAscanalpha

thc202 edited this page Dec 4, 2015 · 16 revisions

Active Scan Rules - alpha

The following alpha quality active scan rules are included in this add-on:

Cookie Slack Detector

Tests cookies to detect whether any of them have no effect on the response size when omitted, paying particular attention to cookies whose name contains "session" or "userid".

Example File Active Scanner

This implements an example active scan rule that loads strings from a file that the user can edit. For more details see: http://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html

Example Simple Active Scanner

This implements a very simple example active scan rule. For more details see: http://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html

Expression Language Injection

The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.

Integer Overflow Error

Looks for indicators of integer overflows in compiled code that cause the web server to crash. It does this by sending multiple strings of integers designed to provoke bad responses.

LDAP Injection

LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.

Source Code Disclosure - File Inclusion

Uses local file inclusion techniques to scan for files containing source code on the web server.

Source Code Disclosure - Git

Uses Git source code repository metadata to scan for files containing source code on the web server.

HTTPS As HTTP Scanner

This active scanner attempts to access content that was originally accessed via HTTPS (SSL/TLS) via HTTP.

User Agent Fuzzer

This active scanner checks for differences in the response based on a fuzzed User Agent (e.g. mobile sites, access as a search engine crawler). The scanner compares the response status code and a hash of the response body with those of the original response.
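The differential comparison that both the Cookie Slack Detector and the User Agent Fuzzer rely on, as an added illustration in Python rather than ZAP's own Java rule code: `Response`, `send`, `send_ua` and the two `fake_app_*` stand-ins are assumptions constructed here so the example runs offline.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    body: bytes


def fingerprint(resp):
    """Status code plus a body hash, the pair the User Agent Fuzzer compares."""
    return resp.status, hashlib.sha256(resp.body).hexdigest()


def find_slack_cookies(send, cookies):
    """Return cookie names whose omission leaves the response size unchanged.

    send(cookies: dict) -> Response is assumed to issue one request.
    Note the check is on size only, as the rule description states; equal
    size does not prove equal content.
    """
    baseline = send(cookies)
    slack = []
    for name in cookies:
        trimmed = {k: v for k, v in cookies.items() if k != name}
        if len(send(trimmed).body) == len(baseline.body):
            slack.append(name)
    return slack


def user_agent_differences(send_ua, baseline_ua, candidate_uas):
    """Return fuzzed User Agents whose status code or body hash differs from the baseline."""
    base = fingerprint(send_ua(baseline_ua))
    return [ua for ua in candidate_uas if fingerprint(send_ua(ua)) != base]


# Constructed stand-ins for a web application, so nothing touches the network.
def fake_app_cookies(cookies):
    if cookies.get("session") == "abc123":
        return Response(200, b"<html>Welcome back, user 42</html>")
    return Response(200, b"<html>Please log in to continue</html>")  # different length


def fake_app_ua(ua):
    if "Googlebot" in ua:
        return Response(200, b"<html>crawler view</html>")  # same status, different body
    if "Mobile" in ua:
        return Response(302, b"")  # redirect to a mobile site
    return Response(200, b"<html>desktop</html>")
```

Here "theme" is reported as slack because dropping it changes nothing, while "session" is not, and the crawler and mobile User Agents are reported because their status or body hash differs from the desktop baseline.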