Anti CSRF トークン

Anti CSRF tokens are (pseudo) random parameters used to protect against Cross Site Request Forgery (CSRF) attacks.
However they also make a penetration testers job harder, especially if the tokens are regenerated every time a form is requested.

ZAP detects anti CSRF tokens purely by attribute names - the list of attribute names considered to be anti CSRF tokens is configured using the Options Anti CSRF screen.
When ZAP detects these tokens it records the token value and which URL generated the token.
The active scanner and fuzzer both have options which cause ZAP to automatically regenerate the tokens when required.

関連情報

     UI Overviewユーザー インターフェイスの概要について
     FeaturesZAPによって提供されます。