Types of scans performed by OWASPZAP

1.2k views Asked by At

I have started working with OWASPZAP (Manual Scans) and till now the learning and simultaneous execution had been exciting.

I did a Passive Scan on our Application and have found 3 Alerts and have interpreted the Description / OtherInfo / Solution / Reference which are as follows:

  • X-Frame-Options Header Not Set: (Risk: Medium, Confidence: Medium, Parameter: X-Frame-Options)
  • Web Browser XSS Protection Not Enabled: (Risk: Low, Confidence: Medium, Parameter: X-XSS-Protection)
  • X-Content-Type-Options Header Missing: (Risk: Low, Confidence: Medium, Parameter: X-Content-Type-Options)

My questions are:

  • Is there a way to know about the type of scans OWASPZAP would perform before the Scan starts?
  • Are the Scans (Manual) configurable?
  • Is there any documentation on the types of scans OWASPZAP (manual) performs?

Note: Of-coarse the question directly involve tools (e.g. OWASPZAP) used primarily for programming.

1

There are 1 answers

1
kingthorin On BEST ANSWER

There's a wiki page that covers "ZAPping the top 10"

There are a number of help pages available with descriptions of the various scan rules or plugins: Active Scan:

Passive Scan:

You can create a Standalone script to run within ZAP to get the details of Active Scanners: https://github.com/zaproxy/community-scripts/blob/master/standalone/Active%20scan%20rule%20list.js. Using a weekly release (newer than early March 2018) or the next stable release (2.8.0 or whatever) you'll be able to do something similar for passive scan rules leveraging ExtensionPassiveScan.getPluginPassiveScanners()

Creating Active Scan Policy(ies) can be done via the Scan Policy Manager Dialog. Active Scan policies can be saved, exported, and imported.
Enabled/disabling Passive Scan rules can be done via the Options Passive Scan Rules screen. (A Passive Scan "policy" can be established programmatically as discussed here -> https://stackoverflow.com/a/51288461/7718222)