How it works...
OWASP ZAP has the ability to perform active and passive vulnerability scans; passive scans are unintrusive tests that OWASP ZAP makes while we browse, send data, and click links. Active tests involve the use of various attack strings against every form variable or request value in order to detect if the servers respond with what we can call a vulnerable behavior.
OWASP ZAP has test strings for a wide variety of technologies; it is useful first to identify the technologies that our target uses, in order to optimize our scan and diminish the probability of being detected or causing a drop in the service.
Another interesting feature of this tool is that we can analyze the request that results in the detection of a vulnerability ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access