Database security


Param Saini

Feb 21, 2022, 8:46:23 AM
to OWASP ZAP User Group
Folks, can we use ZAP for database security vulnerabilities specifically? I did quite a bit of surfing but didn't find any pointers on that. Any pointer will be much appreciated. Thank you.

Simon Bennetts

Feb 21, 2022, 9:27:01 AM
to OWASP ZAP User Group
Hiya,

ZAP tests applications via web protocols - HTTP(S), Web Sockets etc.
It can test for things like SQL injection but only via those protocols.
It does not connect directly to a database to test that for vulnerabilities.

Cheers,

Simon

Param Saini

Feb 22, 2022, 3:40:16 AM
to OWASP ZAP User Group
Ty Simon for your prompt reply. So is there any way to track the below DB vulnerabilities via ZAP specifically?

1) Weak username/passwords
2) Buffer overflows
3) Denial-of-service attack

Simon Bennetts

Feb 22, 2022, 12:05:13 PM
to OWASP ZAP User Group
So you _can_ test for some of these via ZAP (assuming you have a web app which uses your DB that ZAP can attack) but it would probably be more of a custom / manual process.
ZAP is not designed to find these sorts of db issues out of the box.

Cheers,

Simon