Anti CSRF tokens are (pseudo) random parameters used to protect against Cross Site Request Forgery (CSRF) attacks.
However they also make a penetration testers job harder, especially if the tokens are regenerated every time a form is requested.
ZAP detects anti CSRF tokens purely by attribute names - the list of attribute names considered to be anti CSRF tokens
is configured using the Options Anti CSRF screen.
When ZAP detects these tokens it records the token value and which URL generated the token.
The
active scanner and fuzzer both have options which
cause ZAP to automatically regenerate the tokens when required.
UI Pregled | za pregled korisničkog interfejsa | |
Karakteristike | obezbeđuje ZAP |