How to filter or remove the duplicate ZAP alerts


Mohan PenTest

Sep 6, 2021, 5:02:11 AM
to OWASP ZAP User Group
I am new to the ZAP tool and an active learner. I have a few questions related to the ZAP tool. Your responses are much appreciated.

Question 1: My ZAP Active scan has given many duplicate alerts. Is there any way we can remove the duplicates during the report generation or in the alerts tab? It's becoming very hard to remove the duplicate alerts manually.

Question 2: At present we can generate the reports only in PDF and HTML format. Is there any option to generate reports in the Excel format as well?

Question 3: I have seen multiple payloads in the ZAP -> Fuzz scan. I have not seen any option to generate a random GUID to insert as a payload. Is there any way in ZAP to generate GUID values in the ZAP fuzz payload list?

Thank you.


kingthorin+owaspzap

Sep 6, 2021, 4:09:39 PM
to OWASP ZAP User Group
1. There shouldn't be duplicates. Chances are you aren't comparing apples and apples. You can limit # of alerts via the options panel. See the first two options here: https://www.zaproxy.org/docs/desktop/ui/dialogs/options/alert/

2. You can generate XML and manipulate it however you like. No, there isn't currently Excel output.

3. You can do a scripted payload generator to create anything you like.
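
An added example, not part of the original thread or of ZAP's own code: one way to post-process the XML report mentioned in point 2, keeping only Medium and High alerts, collapsing instances that differ only in their query string, and writing CSV that Excel opens. The element names assume ZAP's traditional XML report layout; the sample report and the function names are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RISK = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}
FIELDS = ["risk", "pluginid", "name", "method", "url", "param"]

# Constructed sample in the assumed traditional XML report layout.
SAMPLE = """<OWASPZAPReport><site name="https://app.example"><alerts>
<alertitem><pluginid>40012</pluginid><name>Cross Site Scripting (Reflected)</name>
 <riskcode>3</riskcode><instances>
 <instance><uri>https://app.example/search?q=a</uri><method>GET</method><param>q</param></instance>
 <instance><uri>https://app.example/search?q=b</uri><method>GET</method><param>q</param></instance>
 </instances></alertitem>
<alertitem><pluginid>10020</pluginid><name>X-Frame-Options Header Not Set</name><riskcode>2</riskcode>
 <instances><instance><uri>https://app.example/login</uri><method>GET</method><param>X-Frame-Options</param></instance></instances></alertitem>
<alertitem><pluginid>10021</pluginid><name>X-Content-Type-Options Header Missing</name><riskcode>1</riskcode>
 <instances><instance><uri>https://app.example/login</uri><method>GET</method><param>X-Content-Type-Options</param></instance></instances></alertitem>
</alerts></site></OWASPZAPReport>"""

def filter_alerts(xml_text, min_risk=2):
    """Return one row per unique finding at or above min_risk (2 = Medium)."""
    rows, seen = [], set()
    for item in ET.fromstring(xml_text).iter("alertitem"):
        risk = int(item.findtext("riskcode", "0"))
        if risk < min_risk:
            continue
        for inst in item.iter("instance"):
            u = urlsplit(inst.findtext("uri", ""))
            # Explicit comparison key: same rule, method, path and parameter.
            row = (RISK[risk], item.findtext("pluginid"), item.findtext("name"),
                   inst.findtext("method"), f"{u.scheme}://{u.netloc}{u.path}",
                   inst.findtext("param", ""))
            if row not in seen:
                seen.add(row)
                rows.append(dict(zip(FIELDS, row)))
    return rows

def to_csv(rows):
    """Serialise rows as CSV text, which Excel opens directly."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Calling `to_csv(filter_alerts(SAMPLE))` yields a header row plus two findings; changing the tuple used as the key changes what counts as a duplicate.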

Navneet Debbadi

Nov 10, 2021, 4:43:52 AM
to OWASP ZAP User Group
Hi,
I am using the ZAP Python API in our existing Selenium Python automation scripts to automate the ZAP security tests.
In our existing Selenium + Python automation framework, I have installed the OWASP Python API v2.4 plugin to interact with the OWASP ZAP tool via Selenium scripts.
When I run my scripts in Selenium Python, the generated ZAP reports should have only Medium and High level alerts, eliminating alerts of other risk levels.
Can someone help with how we can achieve alert filtration in ZAP reports via the ZAP Python API through Selenium code?

For example: in the generated report, I want to remove alerts related to Low and Informational via a Python script. How can we achieve this?

Simon Bennetts

Nov 10, 2021, 4:49:19 AM
to OWASP ZAP User Group
Hiya,

Use the new Report Generation add-on - that provides an API which allows you to filter on both risks and confidences.

Cheers,

Simon

Navneet Debbadi

Nov 10, 2021, 6:57:43 AM
to OWASP ZAP User Group
Sure, thanks for the response. I'll look into it.