From 65d9cff319682ec2682c9f17482ca79dab1c1911 Mon Sep 17 00:00:00 2001 From: zapbot <12745184+zapbot@users.noreply.github.com> Date: Wed, 21 May 2025 10:20:35 +0000 Subject: [PATCH] Update site content From: zaproxy/zaproxy-website@ac1e85992072ede6803419ebb6e690cd22bf4dac Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com> --- docs/getting-further/is-my-app-testable/index.html | 3 +++ search/index.json | 2 +- tags/advanced/index.html | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/getting-further/is-my-app-testable/index.html b/docs/getting-further/is-my-app-testable/index.html index 85bb38c95c..3d57b3e155 100644 --- a/docs/getting-further/is-my-app-testable/index.html +++ b/docs/getting-further/is-my-app-testable/index.html @@ -169,6 +169,9 @@

Exploration HTML links are easy to identify. Event handlers on elements like DIVs are much harder to identify.

The AJAX Spider can struggle with popup menus, although the Client Spider can handle these in many cases.

+

If your app frequently logs the user out for doing bad/unexpected things then the spiders will struggle with it, and if +it automatically redirects the browser to the login page if a direct URL is used even when authenticated then crawling your app +will be almost impossible.

None of the ZAP spiders can currently handle Shadow DOMs.

If you have integration tests for you app then you should look at proxying then through ZAP as these can significantly increase coverage.

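Review bot: the added paragraph is a single conditional sentence with two nested "if" clauses ("and if it automatically redirects the browser to the login page if a direct URL is used even when authenticated then ..."), which is hard to parse on first read; split it into two sentences, for example "If your app frequently logs the user out for doing bad or unexpected things, the spiders will struggle with it." followed by "If it also redirects the browser to the login page whenever a direct URL is used, even when the user is authenticated, then crawling your app will be almost impossible." Writing "bad or unexpected" rather than "bad/unexpected" also reads better in prose. The very next context line ("If you have integration tests for you app then you should look at proxying then through ZAP") is the practical fallback for exactly the case this paragraph describes, so it is worth saying so, and that line carries two typos that could be fixed in the same commit: "for you app" should be "for your app" and "proxying then through ZAP" should be "proxying them through ZAP".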
diff --git a/search/index.json b/search/index.json index c91a287c2a..68a608861b 100644 --- a/search/index.json +++ b/search/index.json 
@@ -6501,7 +6501,7 @@ "keywords": ["advanced","app","is","my","security","testable?"], "tags": ["advanced"], "summary": "\u003cp\u003eWeb app security is hard, and there are many, many aspects to it (see \u003ca href=\"https://www.owasp.org\"\u003eOWASP\u003c/a\u003e for more details).\u003c/p\u003e\n\u003cp\u003eWhen it comes to security testing the best way to test the security of a web app is via a pentest conducted by experts.\nHowever, such pentests are expensive, and I have not heard of any company that can afford to carry out\nregular pentests on all of their web apps.\u003c/p\u003e", - "content": "web app security hard there many aspects see owasp more details when comes testing best way test via pentest conducted by experts however such pentests expensive have not heard any company that can afford carry out regular all their apps where zap shines cheap effective your whenever you need them tested help secure make life much difficult turn makes making harder will fact less automated too then race find vulnerabilities between pentesters hire malicious attackers who compromise provisioning set up environment manual input includes services configuring work together creating good range data users valid roles should depend third party cannot mocked interact other which part isolated easily reliable state dedicated reliability results get vary reason run against production site faq: danger scanning live website performance slow under normal circumstances really struggle scanned tool like may fail discover content miss would otherwise due requests timing configure handle perform badly process realise authentication tools authenticate application complex login procedures effectively pretty form configuration required exploration explore designed humans hopefully clear how navigate same easy html links identify event handlers elements divs ajax spider popup menus although client these cases none spiders currently shadow doms integration tests look proxying through 
significantly increase coverage api definitions do provide definition provides also maintain used does public generated automatically ensure kept uptodate full import listed exploring page antiautomation features controls added environments as: captchas multi factor firewalls relatively short session timeouts limiting number active sessions per user randomising field identifiers protect automation surprisingly they automating use switchable ui components include cause problems include: mandatory click throughs popups example signing newsletter possible disable sorts provision messaging default attack anything inscope discovers feedback forms chatbots result generation large spam messages integrations disconnected note completely disabling could hide sql injection cross scripting " + "content": "web app security hard there many aspects see owasp more details when comes testing best way test via pentest conducted by experts however such pentests expensive have not heard any company that can afford carry out regular all their apps where zap shines cheap effective your whenever you need them tested help secure make life much difficult turn makes making harder will fact less automated too then race find vulnerabilities between pentesters hire malicious attackers who compromise provisioning set up environment manual input includes services configuring work together creating good range data users valid roles should depend third party cannot mocked interact other which part isolated easily reliable state dedicated reliability results get vary reason run against production site faq: danger scanning live website performance slow under normal circumstances really struggle scanned tool like may fail discover content miss would otherwise due requests timing configure handle perform badly process realise authentication tools authenticate application complex login procedures effectively pretty form configuration required exploration explore designed humans hopefully clear how 
navigate same easy html links identify event handlers elements divs ajax spider popup menus although client these cases frequently logs user doing badunexpected things spiders automatically redirects browser page direct url used even authenticated crawling almost impossible none currently shadow doms integration tests look proxying through significantly increase coverage api definitions do provide definition provides also maintain does public generated ensure kept uptodate full import listed exploring antiautomation features controls added environments as: captchas multi factor firewalls relatively short session timeouts limiting number active sessions per randomising field identifiers protect automation surprisingly they automating use switchable ui components include cause problems include: mandatory click throughs popups example signing newsletter possible disable sorts provision messaging default attack anything inscope discovers feedback forms chatbots result generation large spam messages integrations disconnected note completely disabling could hide sql injection cross scripting " }, { "url": "/docs/alerts/90002/", diff --git a/tags/advanced/index.html b/tags/advanced/index.html index f61a014348..9513e7c07a 100644 --- a/tags/advanced/index.html +++ b/tags/advanced/index.html @@ -125,7 +125,7 @@

Posted Monday January 1, 0001 - 819 Words + 866 Words

Web app security is hard, and there are many, many aspects to it (see OWASP for more details).

When it comes to security testing the best way to test the security of a web app is via a pentest conducted by experts.
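Review bot: in the search/index.json hunk above, the regenerated "content" field indexes the new text as "badunexpected things": the indexer strips the "/" from "bad/unexpected" and fuses the two halves, so a search for "unexpected" (or "bad") will not match this page. The fix belongs in the page source (write "bad or unexpected"), after which this generated file should be regenerated rather than hand-edited. The remaining differences in that hunk are only token de-duplication ("user", "used", "automatically" and "page" disappear from later positions because they now occur earlier in the text), which is expected for a generated index, and the "summary" field is unchanged.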
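Review bot: in the tags/advanced/index.html hunk the only change is the word count (819 Words to 866 Words), but the unchanged context line shows "Posted Monday January 1, 0001", which is a zero or unset date rather than a real publication date, so the tag listing tells readers nothing useful about when the page was written or last updated. Consider setting a date (or a last-modified date) in that page's front matter so this line renders correctly; the content update itself is a good occasion to record it.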