Avoiding false positives in ZAP by adding rules


Prakhash Sivakumar

Jun 13, 2016, 5:35:48 AM
to OWASP ZAP Developer Group
Hi all,
Is there any way to avoid false positives by adding rules to ZAP? If there is a way, please guide me through the configuration.

Thanks

kingthorin+owaspzap

Jun 13, 2016, 8:06:00 AM
to OWASP ZAP Developer Group
You'll have to be more specific about the problem you're trying to avoid and your configuration.

Do you have a context configured?
Have you made your technology selections when running the scan?


Documentation can be found here:
https://github.com/zaproxy/zap-core-help/wiki
https://github.com/zaproxy/zap-extensions/wiki

Prakhash Sivakumar

Jun 13, 2016, 10:13:15 PM
to OWASP ZAP Developer Group
Hi,
I have already run the scan with all the configurations and figured out that a few of the reported findings are actually false positives, so I want to get rid of that kind of report in later scans. To be more specific, I want to have my own directory of reports (false positives) that need to be avoided by ZAP at reporting time (or even when scanning).

Is that possible?

Thanks

psiinon

Jun 14, 2016, 2:19:47 AM
to OWASP ZAP Developer Group
Yes, use Alert Content Filters: https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAlertFiltersAlertFilter
These are now included in ZAP by default.
But please also report false positives to us so that we can improve the ZAP scan rules.

Simon

Prakhash Sivakumar

Jun 14, 2016, 3:01:34 AM
to OWASP ZAP Developer Group
It's working :)

I'll report false positives

Thanks

Prakhash Sivakumar

Jun 14, 2016, 5:37:34 AM
to OWASP ZAP Developer Group
Hi,
I clicked on the alerts shown in the Alerts tab, edited an alert using the "Edit alert" window, and set the "confidence" level to false positive. I was expecting it would be added under the "alert filter" option of the "session properties", but it was not added there. I have also checked the session.properties file, and there are no entries added denoting this operation.

1. Do I need to add these false positives one by one, or are there any other options to add them in bulk?
2. Where are you maintaining these properties in ZAP, if they are not maintained in the session.properties file?

Thanks

kingthorin+owaspzap

Jun 14, 2016, 6:37:48 AM
to OWASP ZAP Developer Group
Alert Filter settings are part of context configuration. Settings applied via Alert Filters are not retro-active.

thc...@gmail.com

Jun 14, 2016, 7:52:00 AM
to zaproxy...@googlegroups.com
Adding a little more info.

> I was expecting it would be added under the "alert filter" option of
> the "session properties"

Allowing the creation of a new alert filter rule based on an existing alert
would be an interesting feature to have; you are more than welcome to raise an
enhancement request to allow that. [1]


> 1. Do I need to add these false positives one by one, is there are any
> other options to add it in bulk ?

There isn't (yet, there's an issue to allow bulk edits [2]).


> 2. Where are you maintaining these properties in zap, if not
> maintained in the session.properties file ?

They are kept in the session (database files).


[1] https://github.com/zaproxy/zaproxy/issues/new
[2] https://github.com/zaproxy/zaproxy/issues/1603

Best regards.