HelpReleases1_2_0
The following changes were made in this release:
Memory leaks have been fixed in the active scanner and spider.
External applications can now be invoked from the Sites and History tabs.
The passive scanner now looks for vulnerabilities, such as:
| Autocomplete forms with password fields | |
| Cookies without the 'HttpOnly' flag | |
| SSL Cookies without the 'secure' flag | |
| Weak authentication |
A new 'Generate XML Report...' menu item is now included in the top level Reports menu.
Requests submitted by the Manual Request Editor and Resend dialogs are now shown in the Sites and History tabs. A new 'Method' pull down allows you to switch between the HTTP methods, this automatically moves parameters between the URL and the body when a POST method is selected or deselected.
The Sites tab now shows any alerts as flags to the right of any node names. The alert counts in the footer now show the number of different types of alerts rather than the total number of instances.
The delay in milliseconds between each active scanner request can now be set via the Options Active Scan screen. This will increase the time an active scan takes but will reduce the load on the target.
The Sites tab now takes up all of the left hand side - this can be changed back via the Options Display screen if required.
The 'toolbar' on the Request, Response and Break tabs and the Manual Request Editor and Resend dialogs is now at the top rather than the bottom.
The scanner counts in the footer are now displayed on the right hand side.
| Introduction | the introduction to ZAP | |
| Releases | the full set of releases | |
| Credits | the people and groups who have made this release possible |
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits
