For now, let's keep the default: "No, I do not want to persist the session".

Image 2: Default Startup Dialog of OWASP ZAP

What Is the Difference Between Active

In penetration-testing terms, a passive scan is a harmless test that looks only at the responses and checks them against known vulnerabilities. A passive scan doesn't modify your website's data, so it's really safe for websites that we don't have permission for. As you know, the OWASP number 1 vulnerability in 2018 is still Injection. And be aware that you cannot detect even a SQL Injection with a passive scan.

What is active scan?

An active scan attacks the website using known techniques to find vulnerabilities. An active scan does modify data and can insert malicious scripts into the website. So when you really test your website for security issues, deploy it to a new environment and run the active scan there. And only run the active scan against sites you have permission for!

Let's take a brief look at the ZAP UI layout to understand the basics. On the following screen I numbered the windows in 4 sections.

1 - Modes: On the upper left of the screen you see the modes.

- Standard Mode: Allows you to do anything to any website.
- Attack Mode: Actively scans any website.
- Safe Mode: Turns off all the harmful features while scanning.
- Protected Mode: Allows you to scan websites in a particular scope. It prevents you from scanning an unwanted website.

2 - Sites: All the sites you access via the ZAP Proxy will be listed here.