LogoScannerVersionVendor
ZAP2.2.2OWASP

Tested Against WAVSEP Version:
1.5

Product Details:
Accurate
Version		License /
Technology		Last Update
Source Code
Activity
2.2.2 (GA) ASF2
Java 1.6.x		27-09-2013 28-11-2013
Source Code

General Features:
GUIConfigUsageStabilityPerformanceReportScanLogPauseSession
Very SimpleVery SimpleVery StableFast

Authentication, Control and Connection Features:
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param

Coverage Features:
C
O
U
N
T
Manual
Crawl
URL
File
Html
Crawler
Ajax
Crawler
Flash
Crawler
Applet
Crawler
Silverlight
Crawler
WSDL
Crawler
REST
Crawler
Field
Autofill
Smart
Autofill
Anti
CSRF
Support
Viewstate
Support
CAPTCHA
Bypass
WAF
Bypass
5

Input Vector Support:
C
O
U
N
T
G
E
T
P
O
S
T
C
O
O
K
I
E
H
E
A
D
E
R
S
E
C
R
E
T
P
N
a
m
e
X
M
L
X
m
l
A
T
T
X
m
l
T
A
G
J
S
O
N
.
N
e
t
E
N
C
A
M
F
J
a
v
a
S
E
R
.
N
e
t
S
E
R
W
C
F
W
C
F
-
B
i
n
W
e
b
S
o
c
k
D
W
R
C
u
s
t
o
m
11

Audit Features:
C
O
U
N
T
S
Q
L
i
B
S
Q
L
i
S
S
J
S
i
R
X
S
S
P
X
S
S
D
X
S
S
J
S
O
N
h
L
F
I
R
F
I
C
M
D
E
x
e
c
U
P
L
O
A
D
R
E
D
I
R
E
C
T
C
R
L
F
i
L
D
A
P
i
X
P
A
P
H
i
M
X
i
S
S
I
F
O
R
M
A
T
i
C
O
D
E
i
X
M
L
i
E
L
i
B
U
F
F
E
R
o
I
N
T
E
G
E
R
o
C
O
D
E
D
i
s
c
B
A
C
K
U
P
f
P
A
D
D
I
N
G
A
U
T
H
b
P
R
I
V
e
X
X
E
S
E
S
S
I
O
N
F
I
X
A
T
I
O
N
C
S
R
F
A
D
o
S
17

Complimentary Audit Features:
WebServer
Hardening		CGI
Scanning		Dir & File
Enumeration		Passive
Analysis		Additional
Features
Brute force, Fuzzing, Beanshell integration, port scanner, break points, external plugins and extensions. Manual postback viewstate/validations manipulations via the VEHICLE extension, external obsolete file detection via the good-old-files extension.

The SQL Injection Detection Accuracy of the Scanner:
Detection AccuracyChart
100.00% Detection Rate
30.00% False Positives		(136/136)
(3/10)

The Reflected XSS Detection Accuracy of the Scanner:
Detection AccuracyChart
100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:
Detection AccuracyChart
75.00% Detection Rate
0.00% False Positives		(612/816)
(0/8)

The Remote File Inclusion Detection Accuracy of the Scanner:
Detection AccuracyChart
100.00% Detection Rate
16.67% False Positives		(108/108)
(1/6)

The WIVET Score of the Scanner:
WIVET ScoreChart
73.00% Detection Rate

Additional Audit Features:
Forced Browsing (Options Menu), Username Enumeration, Parameter Tampering, AntiCSRF token scanner, HPP, Http Parameter Override. Session Fixation & Backup file enumeration available as extensions (https://code.google.com/p/zap-extensions/). Many passive analysis features from there Casaba Security Fiddler Extension - Watcher, Were implemented as well. CGI scanning features & fuzzing enabled through the integrated use of fuzz-db and JBroFuzz.

Additional Features:
Brute force, Fuzzing, Beanshell integration, port scanner, break points, external plugins and extensions. Manual postback viewstate/validations manipulations via the VEHICLE extension, external obsolete file detection via the good-old-files extension.

Overview:
An actively developed fork of the Paros project.


Copyright © 2010-2016 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.