An alert is a potential vulnerability and is associated with a specific request. A request can have more than one alert.
Alerts are shown in the UI with a flag indicating the risk:
Alerts can be raised by various ZAP components, including but not limited to: active scanning, passive scanning, scripts, by addons (extensions), or manually using the Add Alert dialog (which also allows you to update or change alert details/information).
Alerts are flagged in the History tab with a flag which indicates the highest risk alert. All alerts are listed in the Alerts tab and a count of the total number of alerts by risk is shown in the footer.
Alerts raised by ZAP include both generic and specific information about the alerts raised. The specific information relates directly to the potential issue found, such as the URL and the parameter affected. The generic information includes things like a description and links to related online resources.
You can replace or add to the generic information using an 'alert override' configuration file. This allows you to include information that is specific to your company such as mandated policies, internal links or advice for specific technologies you use.
An alert override configuration file is a UTF-8 property file containing just the information you would like to change. Lines starting with '#' are treated as comments and ignored.
The format is:
<alertid>.<property> = [ + | - ] <your information>
The following properties are supported:
# 40012 = Reflected XSS 40012.solution = Follow our company specific guidelines at http://internet.example.com/xss.html
If the value starts with a '+' then it is appended to the existing information. If it starts with a '-' then it is prepended to the existing information. If it does not start with a '+' or '-' then it replaces the existing information.
|UI Overview||for an overview of the user interface|
|Features||provided by ZAP|