security talk & philosophizing
Tag: owasp

  • ZAP and its terrifying problems

    I really want to use ZAP. It’s free, it’s good, but I have some significant issues with it that give me grave concerns in its usage. Attacking Out-of-Scope Targets: I have a site I test for work. It’s in a test environment. The web application has links to Google APIs, Mozilla libraries, etc.…

  • OWASP ZAP: Be Mindful of DOM Level XSS

    In testing some internal projects I came across a problem with ZAP where it ran off the rails, so to speak. While I had given ZAP a specific target, when it reached the Active Scan portion it started hitting other servers in the system that were not in scope. The test was kicked off using ZAP 2.12’s…