Tag: owasp
-
ZAP and it’s terrifying problems
I really want to use ZAP. It’s free, it’s good, but I have some significant issues with it that give me grave concerns in its usage. Attacking Out of Scope Targets I have a site I test for work. It’s in a test environment. The web application has links to google api’s, Mozilla libraries, etc.…
-
OWASP ZAP: Be Mindful of DOM Level XSS
In testing some internal projects I came across a problem with ZAP where it ran off the rails, so-to-speak. While I had given ZAP a specific target, when it reached the Active Scan portion, it stated hitting other servers in the system that where not in scope. The test was kicked off using Zap 2.12’s…
Recent Posts
- Wazuh: When things go wrong
- CSRF Exploitation
- ZAP and it’s terrifying problems
- Getting Data on Usernames
- Installing GHunt
Tags
App Archive.org CSRF dashboard EDR elasticsearch elk email Exercise EXIF filebeat GHunt Google Earth gvm IDS kibana logic Maltego OpenCTI openvas OSINT owasp philosophy Reporting Reverse Image Search scanner suricata Wazuh ZAP