However, I need the tool to identify critical risk vulnerabilities related to access control, as stated in the documentation (https://www.zaproxy.org/docs/alerts/10102/).
Even though it doesn't say so in the documentation, after researching a lot, I identified that it is an add-on feature.
I would like to know: How can I add this feature to my pipeline? Would it be in cmd_command?
Is there a way to do this?
I'm in doubt because the README of the official ZAP repository doesn't say how to do this via the command line, only via the UI, at the link https://github.com/zaproxy/zap-extensions.
In my app I provoke the access control vulnerability by changing the URL id. For example: https://localhost:3000/1 and the user without permission can change it to https://localhost:3000/2 to see another user's data. But, using this, I don't have any alert telling me that.
Can you help me with this issue?
Simon Bennetts
Jun 17, 2024, 10:52:21 AM