zap registering google.com to postgres notifications

[Max]

Hi!

When training zap with some basic tests including notification tests from postgres, zap then uses these notification feature during scanning. 

It registers google.com as a notifier which then means that during testing we deliver notifications to google. Google returns a 405 code. I do not want to allow zap to register external subscribers to these notifications. Is that possible somehow? Worst case I have to remove the subscriptions from the training but that's not ideal for obvious reasons. 

Thanks in advance!

Br

Max

[psiinon]

Hi Max,

ZAP does not send any notifications to Google, or any other third party.

Well, with the exception of the OAST Add-on which you have to configure to use 3rd party services.

We do use google.com in some of our scan rules, for example when testing for Remote File Inclusion.

However we are using this domain to test for the vulnerability not reporting it to Google in any way.

Cheers,

Simon