HelpAddonsAscanrulesAlphaAscanalpha

Active Scan Rules - alpha

The following alpha quality active scan rules are included in this add-on:

Cookie Slack Detector

Tests cookies to detect if some have no effect on response size when omitted, especially cookies containing the name "session" or "userid"

Example File Active Scanner

This implements an example active scan rule that loads strings from a file that the user can edit. For more details see: http://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html

Example Simple Active Scanner

This implements a very simple example active scan rule. For more details see: http://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html

Expression Language Injection

The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration. +

Format String Error

Looks for indicators of format string handling errors in compiled code. It does this by putting out strings of input text based upon characters compiled C code anticipates to produce formatted output and look for code crash and abnormal session closures.

Source Code Disclosure - File Inclusion

Uses local file inclusion techniques to scan for files containing source code on the web server.

Source Code Disclosure - Git

Uses Git source code repository metadata to scan for files containing source code on the web server.

HTTPS As HTTP Scanner

This active scanner attempts to access content that was originally accessed via HTTPS (SSL/TLS) via HTTP.