Active scanner rules (alpha) version 31
zapbot released this 17 Jun 21:38
Changed
- Update links to zaproxy and zap-extensions repos.
- Target 2.10 core and use new logging infrastructure (Log4j 2.x).
- The LDAP Injection scan rule was modified to use:
  - The Dice algorithm for calculating the match percentage, thus improving its performance.
  - The URI in encoded form in alerts' other info field.
- Maintenance changes.
Added
- CORS active scan rule.
- Forbidden (403) Bypass scan rule.
- Web Cache Deception scan rule.
Removed
- Unused file, which was used by a promoted scan rule.
Fixed
- Correct Context check in NoSQL Injection - MongoDB scan rule.