Unable to exclude active scan rules using automation framework


Kenneth Kiang

May 24, 2023, 4:13:03 AM
to OWASP ZAP User Group
I am currently using the automation framework. I want to specify what rules I use for the active scan. I have tried modifying the policy definition in zap.yaml to specify which active scan rules to use:

- type: activeScan
  policyDefinition:
      rules:
      - id: 10104
        name: "User Agent Fuzzer"

However, all the rules still ran. I also tried to use alert filters:

- type: alertFilter
  alertFilters:
    - ruleId: 10104
      ruleName: "User Agent Fuzzer"
      newRisk: "False Positive"
      url: "<hostname:port.*>"
      urlRegex: true

The user agent fuzzer was not filtered from the scan. May I know what went wrong, or how can I solve this issue? Thank you.

Simon Bennetts

May 24, 2023, 4:16:01 AM
to OWASP ZAP User Group
In the first case all you have done is specify the rule, not how you want it configured.
Change it to be:

- type: activeScan
  policyDefinition:
      rules:
      - id: 10104
        name: "User Agent Fuzzer"
        threshold: "Off"

Cheers,

Simon
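As an added illustration (not part of the thread, and not taken from the ZAP project's own docs), here is a complete automation plan that puts the answer above in context. It shows the two ways a `policyDefinition` can control which active scan rules run: keep ZAP's default threshold and switch individual rules `Off` (a deny-list, which is the fix Simon gave), or set `defaultThreshold: "Off"` and give only the wanted rules an explicit threshold (an allow-list). The target URL, context name and report paths are placeholders; both `activeScan` jobs are shown side by side for comparison, and a real plan would keep only one of them.

```yaml
# Added example, not from the original thread. Placeholder target and paths.
env:
  contexts:
    - name: "target"                     # placeholder context name
      urls:
        - "http://localhost:8080"        # placeholder target, replace with your own
  parameters:
    failOnError: true
    progressToStdout: true

jobs:
  # Pattern 1 (deny-list): keep ZAP's defaults for every rule and turn off only
  # the rules you do not want. A rule with threshold "Off" is not executed at all,
  # which is what actually removes it from the scan.
  - type: activeScan
    parameters:
      context: "target"
      maxScanDurationInMins: 30
    policyDefinition:
      defaultStrength: "Medium"
      defaultThreshold: "Medium"
      rules:
        - id: 10104
          name: "User Agent Fuzzer"
          threshold: "Off"

  # Pattern 2 (allow-list): disable everything by default and enable only the
  # rules you list, each with its own threshold/strength. Delete this job or the
  # one above in practice; two activeScan jobs would run two scans.
  - type: activeScan
    parameters:
      context: "target"
      maxScanDurationInMins: 30
    policyDefinition:
      defaultStrength: "Medium"
      defaultThreshold: "Off"
      rules:
        - id: 40018
          name: "SQL Injection"
          threshold: "Medium"
          strength: "Medium"
        - id: 40012
          name: "Cross Site Scripting (Reflected)"
          threshold: "Low"
          strength: "High"

  # Optional: write a report once the scan has finished.
  - type: report
    parameters:
      template: "traditional-html"
      reportDir: "/tmp/zap-reports"        # placeholder directory
      reportFile: "active-scan-report"
      reportTitle: "Active scan with a restricted policy"
```

Run it headlessly with `zap.sh -cmd -autorun /path/to/zap.yaml`. The reason the `alertFilter` attempt in the first post did not help is that alert filters post-process alerts after a rule has raised them (re-rating them to `False Positive`, for instance); the rule itself still runs and still spends scan time, so rule selection belongs in the `policyDefinition`, and alert filters are for tuning the results you keep.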

Kenneth Kiang

May 24, 2023, 7:12:28 AM
to OWASP ZAP User Group
It works. Thanks for the help Simon!