I am new to ZAP, but have experience with IBM AppScan in the past.
I read in the article linked below that ZAP 'Passive' scans (Spider or AJAX Spider) do not include SQL Injection, Cross Site Scripting (XSS), Broken Authentication, etc. tests.
Are security tests for these only run when running an 'Active' Scan?
Here's the article I made reference to: