ZAP Policies for Active and Full Scans


Andy

Apr 19, 2022, 1:13:23 AM
to OWASP ZAP User Group
Hi,

I want to enable and disable ZAP scan rules and I was able to find policies for API scan: https://github.com/zaproxy/zaproxy/blob/main/docker/policies/API-Minimal.policy

I was trying to find the policies for the Active Scan and Full Scan, which are referenced from "zap-full-scan.py" and "zap-baseline.py".

I couldn't find where the policies for those are. I would appreciate it if someone could point me in the right direction.

Thanks
Andy

Simon Bennetts

Apr 19, 2022, 4:12:59 AM
to OWASP ZAP User Group
Hi Andy,

The default policy for ZAP, whether using the packaged scans or running ZAP in any other way, is: all of the installed scan rules.
The full list of scan rules ZAP supports (excluding scripts) is given here: https://www.zaproxy.org/docs/alerts/
The packaged scans include the release and beta rules by default, but you can include the alpha rules using the "-a" flag.
You can use the "-g filename" flag to generate a configuration file which will list all of the rules.

Cheers,

Simon
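As an added example, not code from this thread or from the ZAP project: a small Python helper for the rule file that the "-g filename" flag writes. It assumes the file's layout is comment lines starting with "#" plus one tab-separated `<id><TAB><ACTION><TAB>(<name>)` line per rule, with IGNORE, WARN and FAIL as the accepted actions (as the generated file's own header comments describe); the sample file below is constructed for the example.

```python
from typing import Dict

# Constructed sample standing in for a file written by "zap-full-scan.py -g rules.conf":
# comment lines start with "#", each rule line is "<id><TAB><ACTION><TAB>(<name>)".
# The rule ids and names are real ZAP rules, but this file is made up for the example.
SAMPLE_CONFIG = (
    "# zap-full-scan rule configuration file\n"
    "# Change WARN to IGNORE to ignore any alerts raised by the rule\n"
    "# Change WARN to FAIL to fail on any alerts raised by the rule\n"
    "10010\tWARN\t(Cookie No HttpOnly Flag - Passive/release)\n"
    "10020\tWARN\t(Anti-clickjacking Header - Passive/release)\n"
    "40018\tWARN\t(SQL Injection - Active/release)\n"
    "90020\tWARN\t(Remote OS Command Injection - Active/release)\n"
)

# Actions the packaged scans accept on a rule line (assumed from the header comments).
ACTIONS = {"IGNORE", "WARN", "FAIL"}


def parse_rules(text: str) -> Dict[str, str]:
    """Map rule id -> action, skipping comment and blank lines."""
    rules: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) < 2 or cols[1].strip() not in ACTIONS:
            raise ValueError(f"malformed rule line: {line!r}")
        rules[cols[0].strip()] = cols[1].strip()
    return rules


def set_actions(text: str, overrides: Dict[str, str]) -> str:
    """Return the file with the given ids switched to new actions; every other line is kept as-is.

    Unknown ids or actions raise, so a typo cannot silently leave a rule at its old setting.
    """
    bad = {a for a in overrides.values() if a not in ACTIONS}
    if bad:
        raise ValueError(f"unknown action(s): {sorted(bad)}")
    missing = set(overrides) - set(parse_rules(text))
    if missing:
        raise KeyError(f"rule id(s) not in config: {sorted(missing)}")
    out = []
    for line in text.splitlines(keepends=True):
        cols = line.split("\t")
        rid = cols[0].strip()
        if len(cols) >= 2 and not line.lstrip().startswith("#") and rid in overrides:
            cols[1] = overrides[rid]  # only the ACTION column changes; id and name survive
            line = "\t".join(cols)
        out.append(line)
    return "".join(out)
```

Write the returned text back to the file and pass it to the packaged scan with "-c filename" to apply the edited actions.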

Andy

Apr 19, 2022, 2:19:15 PM
to OWASP ZAP User Group
I appreciate you as always :) 