Scanner Rules

ZAP supports both active and passive scanning rules.

Note that additional rules can be added via plugins.

Active Scanner Rules

    Secure page browser cache
    Directory browsing
    External redirect
    Potential File Path Manipulation
    Private IP disclosure
    Session ID in URL rewrite
    CRLF injection
    MS SQL Injection Enumeration
    Oracle SQL Injection Enumeration
    SQL Injection
    SQL Injection Fingerprinting
    Parameter tampering
    Server side include
    Cross Site Scripting
    Path Traversal
    URL Redirector Abuse

Passive Scanner Rules

    Incomplete or no cache-control and pragma HTTP header set
    Content-Type header missing
    Cookie no http-only flag
    Cookie without secure flag
    Cross-domain JavaScript source file inclusion
    Cross Site Request Forgery
    IE8's XSS protection filter not disabled
    Information disclosure - database error messages
    Information disclosure - debug error messages
    Information disclosure - sensitive information in URL
    Information disclosure - sensitive information in HTTP Referrer header
    Password Autocomplete in browser
    Weak authentication
    X-Content-Type-Options header missing
    X-Frame-Options header not set
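The passive rules above never send a request of their own: each one inspects a response that ZAP has already proxied or spidered and raises an alert on what it sees. The following stand-alone Python script is an added illustration of that idea and is not ZAP's own code; it runs a handful of the checks listed above (cache-control/pragma, missing Content-Type, cookie HttpOnly and Secure flags, cross-domain script inclusion, password autocomplete, X-Content-Type-Options and X-Frame-Options) over a constructed sample response. The exact conditions each ZAP rule tests for may differ from the simplified versions here; the origin host and the sample response are assumptions made for the example.

```python
import re

# Constructed sample response (not captured from any real site): it is
# written to trip most of the header and cookie checks listed above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
    '<html><body><form><input type="password" name="pw"></form>'
    '<script src="https://cdn.example/app.js"></script></body></html>'
)


def parse_response(raw):
    """Split a raw HTTP response into (status line, [(name, value), ...], body).
    Header names are lower-cased; repeated headers such as Set-Cookie are kept."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def values(headers, name):
    """All values of one (lower-cased) header name, in order."""
    return [v for n, v in headers if n == name]


def cookie_flags(set_cookie):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def passive_checks(raw, origin_host):
    """Run simplified passive checks over one response and return a list of
    (rule, detail) findings. Nothing is sent to the server; that is what
    distinguishes a passive rule from an active one."""
    _, headers, body = parse_response(raw)
    findings = []

    # Cache-Control should carry no-cache, no-store and must-revalidate,
    # and Pragma should be no-cache, for pages that must not be cached.
    cc = ",".join(values(headers, "cache-control")).lower()
    pragma = ",".join(values(headers, "pragma")).lower()
    missing = {"no-cache", "no-store", "must-revalidate"} - {t.strip() for t in cc.split(",")}
    if missing or "no-cache" not in pragma:
        findings.append(("cache-control/pragma", f"missing {sorted(missing)}; pragma={pragma!r}"))

    if not values(headers, "content-type"):
        findings.append(("content-type missing", ""))

    # Each Set-Cookie is checked separately for the HttpOnly and Secure flags.
    for sc in values(headers, "set-cookie"):
        name, attrs = cookie_flags(sc)
        if "httponly" not in attrs:
            findings.append(("cookie no http-only flag", name))
        if "secure" not in attrs:
            findings.append(("cookie without secure flag", name))

    # Script tags whose src host differs from the page's own host.
    for src in re.findall(r'<script[^>]+src=["\']([^"\']+)', body, re.I):
        m = re.match(r"https?://([^/]+)", src)
        if m and m.group(1).lower() != origin_host.lower():
            findings.append(("cross-domain javascript", src))

    # Password fields that do not opt out of browser autocomplete.
    for tag in re.findall(r"<input[^>]*>", body, re.I):
        if re.search(r'type=["\']?password', tag, re.I) and not re.search(
            r'autocomplete=["\']?off', tag, re.I
        ):
            findings.append(("password autocomplete", tag))

    if "nosniff" not in ",".join(values(headers, "x-content-type-options")).lower():
        findings.append(("x-content-type-options missing", ""))

    if not values(headers, "x-frame-options"):
        findings.append(("x-frame-options not set", ""))

    return findings


if __name__ == "__main__":
    # Assumed origin host for the sample response.
    for rule, detail in passive_checks(SAMPLE_RESPONSE, "www.example.com"):
        print(f"{rule:32} {detail}")
```

Running the script against the sample prints one line per finding; the JSESSIONID cookie, for instance, is reported twice (no HttpOnly, no Secure) while the theme cookie is not reported at all. Feeding it a response with the right headers returns an empty list, which is the check a practitioner should make before trusting any such rule: confirm it stays quiet on a correct response as well as firing on a bad one.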

See also

     Introduction: the introduction to ZAP