ZAP supports both active and passive scanning rules.
Note that additional rules can be added via plugins.
Active scan rules:

Secure page browser cache
Directory browsing
External redirect
Potential File Path Manipulation
Private IP disclosure
Session ID in URL rewrite
CRLF injection
MS SQL Injection Enumeration
Oracle SQL Injection Enumeration
SQL Injection
SQL Injection Fingerprinting
Parameter tampering
Server side include
Cross Site Scripting
Path Traversal
URL Redirector Abuse
Passive scan rules:

Incomplete or no Cache-Control and Pragma HTTP header set
Content-Type header missing
Cookie without HttpOnly flag
Cookie without Secure flag
Cross-domain JavaScript source file inclusion
Cross Site Request Forgery
IE8's XSS protection filter not disabled
Information disclosure - database error messages
Information disclosure - debug error messages
Information disclosure - sensitive information in URL
Information disclosure - sensitive information in HTTP Referer header
Password Autocomplete in browser
Weak authentication
X-Content-Type-Options header missing
X-Frame-Options header not set