how to test HTTP strict transport security (hsts) in OWASP ZAP tool.

[Vemana]

Hi Friends,

Could you please let me know how to test the HTTP strict transport security (hsts) through  OWASP ZAP tool ?

I did not see this Test under the passive scan rules.

Thanks in advance.

Vemana

[thc...@gmail.com]

Hi.

The scanner "Strict-Transport-Security Header Scanner" is (currently)
included in the add-on "Passive scanner rules (alpha)" [1], available in
the marketplace. [2]

(In the current version, 8, it's shown under a different name,
"Strict-Transport-Security Header Not Set".)


[1]
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsPscanrulesAlphaPscanalpha
[2]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsManageaddons#marketplace

Best regards.

> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.

[Chinthamreddy Bhaskar Reddy]

Hi Team ,

Can you somebody help to test HSTS using OWASP ZAP tool ? I'm using 2.12.0 version ZAP 

Thanks

Bhaskar

[kingthorin+owaspzap]

See previous reply