Can we single out an alert say "Web Browser XSS Protection Not Enabled" and rerun in ZAP Proxy

Question

Context :

We used OWASP Zed Attack Proxy version 2.7.0 to do vulnerability tests of an application. We got a few alerts, and is doing the resolution.

Problem :

We wanted to single out an alert say "Web Browser XSS Protection Not Enabled" and run the verification.

Solutions we are trying out :

One of the possibilities we are exploring is the mode of operation. We are now able to execute one of the modes of operation, like Standard,Attack etc... . Is there a way to customize the mode of operation and run a single alert ?

score 3 · Accepted Answer · answered Feb 01 '18 at 11:03

Yes, you just need to enable the specific scan rule and disable all of the others. The easiest way to do this is to configure the scan policy in the desktop UI and then to export it. You can then use it for automated scans.

In this case the alert is a passive one. Have you checked out the baseline scan? https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan

We use this at Mozilla to sanity check 100s of sites every day. You can easily generate a config file and then change it using a text editor so that it only reports the issues you are interested in.

Thank you Simon, This helped us to get into the right path. – arunvg Feb 02 '18 at 04:09 — arunvg, Feb 02 '18 at 04:09

Can we single out an alert say "Web Browser XSS Protection Not Enabled" and rerun in ZAP Proxy

1 Answers1