intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

Port the watcher passive checks #244

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Watcher is an open source passive scanner: http://websecuritytool.codeplex.com/
It includes loads of useful checks, and has some very useful test pages: 
http://www.nottrusted.com/watcher/

It would be great if some or all of these could be ported to ZAP, and these 
could be a great way to get started for anyone who is new to ZAP development.

So ... have a look at the test pages and update this issue if you are going to 
try to implement one of the checks.

Note that these should be implemented as passive scanner rules: 
http://code.google.com/p/zaproxy/wiki/ScannerRules

If you have any implementation questions please post to the dev forum 
http://groups.google.com/group/zaproxy-develop so everyone can benefit, and 
we'll try to improve the wiki as well.

Original issue reported on code.google.com by psii...@gmail.com on 24 Nov 2011 at 4:55

GoogleCodeExporter commented 9 years ago
Just added a wiki page to cover all of these: 
https://code.google.com/p/zaproxy/wiki/WatcherRules - please update this if you 
are working on any of them.

Original comment by psii...@gmail.com on 30 Dec 2011 at 3:04

GoogleCodeExporter commented 9 years ago
I would like to take the porting of Check.Pasv.Java.ViewState.cs to refresh my 
JSF knowledge and get a touch of passive scanning rule development. It should 
take about a week, I guess, having looked briefly at the original C# code, but 
updates will follow.

Original comment by serge....@gmail.com on 6 Oct 2012 at 6:26
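The ViewState check discussed above, sketched as an added example in Python (not ZAP's or Watcher's own code): like any passive rule it only reads a response body that has already been received, sends nothing, finds the javax.faces.ViewState hidden field and classifies how the state is encoded. The classification heuristics (a Mojarra server-side token as two integers, client-side state as base64 of a Java serialization stream, the gzip magic for compressed state) and the sample pages are assumptions constructed for this example, not taken from the page.

```python
import base64
import re
from typing import Optional

# Magic bytes of a Java serialization stream (0xACED0005) and of gzip (1F 8B).
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
GZIP_MAGIC = b"\x1f\x8b"

INPUT_TAG_RE = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")

def find_viewstate(html: str) -> Optional[str]:
    """Return the value of the javax.faces.ViewState input, or None if absent."""
    for tag in INPUT_TAG_RE.findall(html):
        attrs = {}
        for m in ATTR_RE.finditer(tag):  # attribute order in the tag does not matter
            attrs[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
        if attrs.get("name", "").lower() == "javax.faces.viewstate":
            return attrs.get("value", "")
    return None

def classify_viewstate(value: str) -> str:
    """Heuristic classification of a ViewState value (assumed Mojarra/MyFaces encodings)."""
    if re.fullmatch(r"-?\d+:-?\d+", value):
        return "server-side"               # only a token; state stays on the server
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return "unrecognised"
    if raw.startswith(JAVA_SERIAL_MAGIC):
        return "plaintext-serialized"      # client-side state readable as-is
    if raw.startswith(GZIP_MAGIC):
        return "compressed-unencrypted"    # gzip wrapper, still not encrypted
    return "opaque"                        # not readable; likely encrypted

def passive_check(html: str) -> Optional[dict]:
    """The passive rule: inspect one response body and return a finding or None."""
    value = find_viewstate(html)
    if value is None:
        return None
    kind = classify_viewstate(value)
    risky = kind in ("plaintext-serialized", "compressed-unencrypted")
    return {"finding": kind, "alert": risky, "evidence": value[:40]}

# Constructed sample responses (not captured from any real application).
PLAINTEXT_VS = base64.b64encode(JAVA_SERIAL_MAGIC + b"sr\x00\x0fconstructed.State").decode()
PAGE_PLAINTEXT = f'<form><input type="hidden" name="javax.faces.ViewState" value="{PLAINTEXT_VS}"></form>'
PAGE_SERVER = '<form><input type="hidden" value="-123456789:987654321" name="javax.faces.ViewState"></form>'
PAGE_OPAQUE = '<form><input name="javax.faces.ViewState" value="' + base64.b64encode(b"\x9a\x11random-ciphertext").decode() + '"></form>'
PAGE_NONE = "<html><body>no JSF here</body></html>"
```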

GoogleCodeExporter commented 9 years ago
Great :)
I've updated the wiki page - let us know if you have any questions.

Many thanks,

Simon

Original comment by psii...@gmail.com on 8 Oct 2012 at 9:01