Options Active Scan Input Vectors screen
This screen allows you to configure the active scan input vectors.
These are the elements that the active scanner will attack.
Scanning all of the elements supported will take longer, but not scanning some elements may cause some vulnerabilities to be missed.
Injectible Targets
The request element that the active scanner will target:
| URL Query String | Key value pairs in the request URL query, ie after the '?' |
| Dane POST | Key value pairs in the request POST data |
| URL Path | Path elements in the request URL, ie the elements separated by '/' |
| HTTP Headers | Request HTTP Headers |
| Cookie data | Request cookies |
Build-in Input Vector Handlers
The data formats that the active scanner will target:
| Multipart Form Data | |
| tag/atrybut XML | |
| JSON | |
| Google Web Toolkit | |
| OData id/filter | |
Enable Script Input Vectors
If this option is selected then the active scanner will use any enabled script input vectors.
Script input vectors are scripts which you have written or imported into ZAP and allow you to target elements
which are not supported by default.
This screen also allows you to configure the parameters which will be ignored by the active scanner.
Zobacz również