-
-
Notifications
You must be signed in to change notification settings - Fork 751
HelpAddonsAscanrulesAlphaAscanalpha
psiinon edited this page May 7, 2015
·
16 revisions
The following alpha quality active scan rules are included in this add-on:
Looks for indicators of buffer overflows in complied code. It does this by putting out large strings of input text and look for code crash and abnormal session closure.
Tests cookies to detect if some have no effect on response size when omitted, especially cookies containing the name "session" or "userid"
This implements an example active scan rule that loads strings from a file that the user can edit.
For
more details see: http://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html
For more details see: http://zaproxy.blogspot.co.uk/2014/04/hacking-zap-4-active-scan-rules.html The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP)
using externally-influenced input from an upstream component, but it does not neutralize or incorrectly
neutralizes special elements that could modify the intended EL statement before it is executed. In certain
versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language
tags would be evaluated twice, which effectively exposed any application to EL injection. However, even
for later versions, this weakness is still possible depending on configuration.
Uses local file inclusion techniques to scan for files containing source code on the web server.
Uses Git source code repository metadata to scan for files containing source code on the web server.
This active scanner attempts to access content that was originally accessed via HTTPS (SSL/TLS) via HTTP.