-
Watcher is an open source passive scanner: http://websecuritytool.codeplex.com/
It includes loads of useful checks, and has some very useful test pages:
http://www.nottrusted.com/watcher/
It wou…
-
It occurred to me the other day that there are some good tools for doing graphs/webs in JS (ex: d3js) and that perhaps someone could implement a HUD'ified version of Call Graph (https://github.com/zap…
-
ZAP baseline provides [hooks](https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan#scan-hooks) to perform an authenticated scan. It would be good to have an example on how to configure it.
-
Pen-Test Your System
- Try to test for vulnerabilities in your project by using wmap, [zaproxy](https://www.zaproxy.org/getting-started/), or any of the tools in the [list of OWASP vulnerability sc…
-
**Describe the bug**
The web app I tested https://github.com/akilaweerat/mongodbvuln-python
uses the following payload for authentication
[{"name":"username","value":"admin"},{"name":"password…
-
I am getting an error saying "`Modern Web Application`"
After checking OWASP Documentation link: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/
It shows that we should use Ajax based spider t…
-
I have been able to use zap-cli in the official owasp zap docker container. With a preconfigured context for login against a sample target site (juiceshop for example) the spider does not stop.
I…
-
Hi,
I was running the bdd-security application against a web application, having a normal login and which is hosted in my local machine.
I am running with the inbuilt zap coming along with the fra…
-
Delighted to see this - it's something I'd like to have done myself but have never had the time ;)
I've just referenced it on the ZAP Dev group: https://groups.google.com/d/msg/zaproxy-develop/IFXWbmRc…