--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Johanna,
IANAL either, but I would *NOT* advise scanning any site even in this harmless manner without first carefully reading that site's ToS agreement. One of my former employers did not permit this, in part because they considered it a precursor to a possibly pending attack as an attempt to do reconnaissance. (It was mentioned in their ToS though.)
-kevin
Sent from my Droid; please excuse typos.
--
Johanna Curiel
OWASP Volunteer
docker pull owasp/zap2docker-weekly
docker run -t owasp/zap2docker-weekly zap-baseline.py -t http://testasp.vulnweb.com
May 17, 2016 4:15:53 PM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
Total of 20 URLs
PASS: Cookie Without Secure Flag [10011]
PASS: Incomplete or No Cache-control and Pragma HTTP Header Set [10015]
PASS: Cross-Domain JavaScript Source File Inclusion [10017]
PASS: Content-Type Header Missing [10019]
PASS: Information Disclosure - Debug Error Messages [10023]
PASS: Information Disclosure - Sensitive Informations in URL [10024]
PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025]
PASS: Information Disclosure - Suspicious Comments [10027]
PASS: Viewstate Scanner [10032]
PASS: Secure Pages Include Mixed Content [10040]
PASS: Weak Authentication Method [10105]
PASS: Private IP Disclosure [2]
PASS: Session ID in URL Rewrite [3]
PASS: Script passive scan rules [50001]
PASS: Insecure JSF ViewState [90001]
PASS: Charset Mismatch [90011]
PASS: WSDL File Passive Scanner [90030]
WARN: Cookie No HttpOnly Flag [10010] x 140
http://testasp.vulnweb.com/Templatize.asp?item=html/about.html
http://testasp.vulnweb.com/Default.asp
http://testasp.vulnweb.com/Search.asp
WARN: Password Autocomplete in Browser [10012] x 92
http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
http://testasp.vulnweb.com/Login.asp?RetURL=%2FSearch%2Easp%3F
WARN: Web Browser XSS Protection Not Enabled [10016] x 145
http://testasp.vulnweb.com/robots.txt
http://testasp.vulnweb.com/sitemap.xml
http://testasp.vulnweb.com/Templatize.asp?item=html/about.html
WARN: X-Frame-Options Header Not Set [10020] x 145
http://testasp.vulnweb.com/robots.txt
http://testasp.vulnweb.com/sitemap.xml
http://testasp.vulnweb.com/Templatize.asp?item=html/about.html
WARN: X-Content-Type-Options Header Missing [10021] x 145
http://testasp.vulnweb.com/robots.txt
http://testasp.vulnweb.com/sitemap.xml
http://testasp.vulnweb.com/Templatize.asp?item=html/about.html
WARN: HTTP Parameter Override [10026] x 94
http://testasp.vulnweb.com/Search.asp
http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
WARN: Absence of Anti-CSRF Tokens [40014] x 94
http://testasp.vulnweb.com/Search.asp
http://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Login.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
WARN: Application Error Disclosure [90022] x 47
http://testasp.vulnweb.com/Search.asp?tfSearch=ZAP
http://testasp.vulnweb.com/Register.asp?RetURL=%2FDefault%2Easp%3F
http://testasp.vulnweb.com/Register.asp?RetURL=%2FTemplatize%2Easp%3Fitem%3Dhtml%2Fabout%2Ehtml
http://testasp.vulnweb.com/Register.asp?RetURL=%2FSearch%2Easp%3F
http://testasp.vulnweb.com/Register.asp?RetURL=%2Fshowforum%2Easp%3Fid%3D1
WARN: Loosely Scoped Cookie [90033] x 233
http://testasp.vulnweb.com/Templatize.asp?item=html/about.html
http://testasp.vulnweb.com/Default.asp
FAIL: 0 WARN: 9 IGNORE: 0 PASS: 17
Yep, that's it :)