Hi everyone, I’m using OWASP ZAP to perform vulnerability scans on my website, but I’m facing an issue where the scan results are too generic. For example, when scanning the domain evil.com, ZAP only reports findings like "X-Content-Type-Options Header Missing" on a few main URLs, such as:
However, within the folder /v1, there are many subfolders and API endpoints. I’d like to know which specific folder or endpoint has issues so I can address them more effectively.
---
Hi,
Thank you for your response! Just to clarify, I am indeed using ZAP as part of a development project. Specifically, I’m working on building a custom vulnerability scanning tool that integrates ZAP as the scanning engine.
My goal is to optimize the way ZAP identifies and reports vulnerabilities in specific folders or endpoints during development. I’m looking for advice on how to configure it effectively for such use cases.
If this question is still more suitable for the ZAP User Group, I’ll be happy to ask there instead. Thank you for the clarification about the project’s status as well!
Best regards,
Jonathan