AddOnsBeta
kingthorin edited this page May 22, 2020 · 5 revisions
Add-ons: Beta
Add-ons marked as 'beta' status can be expected to be of a reasonable quality and mostly fit for purpose.
However, they may be incomplete or need further testing.
They will typically:
- Have been developed or code reviewed by one or more members of the ZAP core team
- Have no known significant issues
- Be fully internationalised
- Support dynamic loading and unloading
- Mostly conform to the ZAP development rules and guidelines
- Have informative help pages
- Provide API calls (if relevant)
- Obey mode settings (both in the desktop and the API)
- Active scan rules will correctly check the isStop() method so that they don't hang
- Active scan rules will conform to the recommended strength settings (where relevant):
  - Low: up to around 6 requests / param / page
  - Medium: up to around 12 requests / param / page
  - High: up to around 24 requests / param / page
  - Insane: whatever ;)
  - Page level rules should equate to ~ 6 params at Low strength (e.g. up to around 36 requests / page, etc)
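
The sketch below is an added example, not code from the ZAP project: a parameter-level active scan rule that stays within the request budgets listed above and checks isStop() before every request. It assumes ZAP's `AbstractAppParamPlugin` API; the class name, rule id, probe values and the cap of 48 for Insane are hypothetical.

```java
import java.io.IOException;
import org.parosproxy.paros.core.scanner.AbstractAppParamPlugin;
import org.parosproxy.paros.core.scanner.Category;
import org.parosproxy.paros.network.HttpMessage;

// Hypothetical rule: name, id and probe values are made up for illustration.
public class BudgetedExampleScanRule extends AbstractAppParamPlugin {

    /** Upper bound on requests per parameter per page for the configured strength. */
    private int requestBudget() {
        switch (getAttackStrength()) {
            case LOW:
                return 6;
            case HIGH:
                return 24;
            case INSANE:
                return 48; // the guideline sets no limit; 48 is an arbitrary cap for this sketch
            case MEDIUM:
            default:
                return 12;
        }
    }

    @Override
    public void scan(HttpMessage msg, String param, String value) {
        int budget = requestBudget();
        for (int i = 0; i < budget; i++) {
            // Checked before each request so a stopped or skipped scan ends promptly.
            if (isStop()) {
                return;
            }
            HttpMessage probe = getNewMsg();
            setParameter(probe, param, value + "-probe-" + i); // constructed, harmless value
            try {
                sendAndReceive(probe);
            } catch (IOException e) {
                return; // target unreachable: give up instead of retrying in a loop
            }
            // Rule-specific analysis of probe.getResponseBody() goes here.
        }
    }

    // Depending on the ZAP version, further methods (e.g. init()) may need overriding.
    @Override public int getId() { return 9999999; } // hypothetical id
    @Override public String getName() { return "Budgeted example rule"; }
    @Override public String getDescription() { return "Example only."; }
    @Override public int getCategory() { return Category.MISC; }
    @Override public String getSolution() { return ""; }
    @Override public String getReference() { return ""; }
}
```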