Our customer requires us to run the OWASP ZAP tool against our web application (ASP.NET 4.5.2, Webforms) and we cannot have any high priority findings in the report. We've done the analysis, and O...

How to pass authentication details to the ZAP tool to scan the website. Please help me to solve the problem.

I have configured ZAP 2.6 so that it is acting as a proxy for requests from an Android app to a web service over HTTPS. The authentication mechanism is OAuth 2, and so in my login response I get an...

I want to run security scans for few REST APIs. These APIs use OAuth and are divided into two sets each using different Grant Type. I want to run security scan using ZAP tool and I am not able to ...

I have a SPA application (angularjs front end/restfull WebAPI back end). SPA is by design using client routing - i.e. typical "page" looks like http://contosco.com#/page1 http://contosco.com#/pag...

I have started learning OWASP ZAP and I am confused about passive scanning in OWASP ZAP. On right clicking the node in Site tree I do not see any passive scanning option, however under Tools | Opt...

After running OWASP ZAP scanning tool against our application, we see a number of XSS vulnerabilities when the tool attacked with this string: " onMouseOver="alert(1); or ;alert(1) So such st...