
Next to it is the Forced Browse tab, used for discovering files and directories. The next tab is the Spider tab, used for displaying the list of currently crawled links. Here you can view the current progress of the scan (the links that are currently being processed).

Also here, as a feature (by clicking the icon on the left side of the progress bar), is the view of plugins that are running during the scan. The general information gives the details of the alert in which the following information is included:

After the Alert tab is the Active Scan tab. As you can see in Figure 8 above, the Alert information is displayed, which is composed of: general information of the Alert, Description, Other info, Solution and Reference. If you double-click on the alert, you can edit its information, and if you right-click, you can perform the same options and operations as mentioned in the previous History tab. On the left part of the tab, you can see the tree view of the detected alerts sorted by priority (from high to low). There are four types of priority alerts: Informational (blue color), Low (yellow color), Medium (orange color) and High (red color). In the Alert tab, you can find all the priority alerts that occurred during the scanning session. After the Break Points tab comes the Alerts tab. There isn’t much to explain here, except that breakpoints can be put on specified links. Here you can search for particular links or filter links by type. Next to the History tab is the Search tab, where you can view all the links that were crawled. There are options such as making notes for your target, adding tags to it, excluding or including it, etc. If you right-click on some of the links (that is, if you previously finished with the scanning), you can see additional options and operations that could be performed.

Here, you can view the links of all web applications that were previously scanned.

On the bottom, there is a group of tabs reserved for the current scanning session.

You can start the scanning process by entering the link of your web application on the right side and clicking “Attack”.

As you can see from Figure 2, when you perform the scan, there is a tree display of the scanned links on the left side. At first impression of OWASP ZAP, you may find that it is pretty simple to use.
