-
What steps will reproduce the problem?
1. Active scan "directory_traversal_2.php" in bWAPP with "Path Traversal" rule.
(bWAPP => http://www.itsecgames.com/)
2. No alert is raised.
3. But, it is …
-
I can't tell if this is an issue with Mechanize, Rubocop, or Ruby 2.4.0, but `Mechanize#get` will cause Ruby & Rails to segmentation fault if mechanize is bundled *before* rubocop.
_Update: this a…
-
Scanners show wrong quality after installation:
Steps to reproduce the issue:
1. Run ZAP (2.4.2), without add-ons with scanners (so that it's easier to reproduce the issue);
2. Install add-ons with activ…
-
I was comparing Burp and Zap and performed scans from both of these platforms. I was scanning WebGoat v6.0.1 Build: 118
What steps will reproduce the problem (Zap)?
1. Run spiders
2. Run the acti…
-
Hello All,
GORM v2 is under active development (https://github.com/jinzhu/gorm/tree/v2_dev), going to release in the next two months.
Before that, I am *NOT* going to merge any pull requests bas…
-
I'm running OWASP ZAP as part of an automated CI/CD process. I am doing a spider and active scan. The report showed that there is a Path Traversal vulnerability.
This is an Angular 2 site and the j…
-
The current version of urllib3 normalizes the request path when using the python requests module like this:
```
requests.get('http://server/vpn/../vpns/newbm.pl')
```
This will result in the r…
-
ZAP scores pretty badly against OWASP Benchmark :(
https://rawgit.com/OWASP/Benchmark/master/scorecard/Benchmark_v1.2beta_Scorecard_for_OWASP_ZAP.html
To start with this is because ZAP cannot complete…
-
I'm having a real hard time getting a scan with ZAP against OWASP Benchmark 1.2 to complete. I think the primary culprit is it's getting stuck during the PathTraversal scans. I looked in the log and s…
-
I noticed a false positive in the path traversal logic of ZAP and wanted to report it such that the check can be improved upon.
"alert": "Path Traversal",
"name": "Path Traversal",…