Active Scan with a custom Scan Policy


Eswar

Jul 3, 2019, 10:21:37 AM
to OWASP ZAP HUD Group
Hello Team. 

I am checking out ZAP HUD and finding it useful. Thank you. 

I have a quick question about using a custom Scan Policy. 

Is it possible to use a custom Scan Policy while performing an Active Scan from the HUD? Usually I would select a custom Policy from the 'policy tab' in the Active Scan dialog, but I couldn't figure out how to do this from the HUD. Am I overlooking something obvious? 

Thanks
Eswar

Simon Bennetts

Jul 3, 2019, 10:42:16 AM
to OWASP ZAP HUD Group
Hi Eswar,

Good to hear you're finding the HUD useful :)

Being able to specify a custom scan policy is one of the many things the HUD doesn't support yet.
It probably wouldn't be too much work to add the option to choose the policy, but adding the ability to add and edit scan policies could be quite a bit more work :/
But feel free to raise this as an enhancement request: https://github.com/zaproxy/zap-hud/issues

Cheers,

simon

Eswar

Jul 3, 2019, 10:50:21 AM
to OWASP ZAP HUD Group
Thanks Simon. 

I think the ability to choose an option would be great for now. The intention is that we define a Scan Policy and share it across multiple teams. Teams will then just import this policy and use it during their Active Scan, rather than running against all the available scanners. 

I will create an enhancement request. 

Regards
Eswar

Simon Bennetts

Jul 3, 2019, 11:02:48 AM
to OWASP ZAP HUD Group
Ah ok, I can see why having the option to choose scan policies without the ability to create them via the HUD would be useful then :)
We deliberately limited the functionality in the HUD so that we could release it sooner.
Feedback like this is great as it helps us understand what we should focus on next.

Cheers,

Simon