Active scanner rules (alpha) version 31

@zapbot zapbot released this 17 Jun 21:38
· 4975 commits to main since this release
f1992fc

Changed

  • Update links to zaproxy and zap-extensions repos.
  • Target 2.10 core and use new logging infrastructure (Log4j 2.x).
  • The LDAP Injection scan rule was modified to use:
    • The Dice algorithm for calculating the match percentage, thus improving its performance.
    • The URI in encoded form in alerts' other info field.
  • Maintenance changes.

Added

  • CORS active scan rule.
  • Forbidden (403) Bypass scan rule.
  • Web Cache Deception scan rule.

Removed

  • Unused file; it was used by a promoted scan rule.

Fixed

  • Correct Context check in NoSQL Injection - MongoDB scan rule.