18 Questions
What is the main objective of active scanning in ZAP?
To attempt to find potential vulnerabilities by using known attacks
What is the purpose of Scan Policies in ZAP?
To configure active scanning rules
What is a limitation of active scanning in ZAP?
It can only find certain types of vulnerabilities
How is active scanning configured in ZAP?
Using the Options Active Scan screen
What is the purpose of passive scanning in ZAP?
To identify potential vulnerabilities without attacking the target
What is NOT a feature of ZAP?
Automated tagging
What is the primary purpose of passive scanning in ZAP?
To scan all HTTP messages sent to the web application
What is configured using the Options Passive Scan Tags screen?
The rules for automatic tagging
What is a limitation of passive scanning in ZAP?
It cannot discover pages protected by a login page
What can be configured using the Options Passive Scan Rules screen?
The alerts raised by passive scanners
What is the main benefit of passive scanning in ZAP?
It is safe to use and does not slow down the exploration of an application
What is the primary difference between passive scanning and manual exploration in ZAP?
Passive scanning has limitations in discovering pages protected by a login page
What is a limitation of solely relying on spiders for vulnerability scanning?
They may not find all resources on a site, especially hidden pages
What is the benefit of using a browser to explore a web application with ZAP proxying?
It allows ZAP to passively scan for vulnerabilities and build the site tree
What is the primary purpose of a spider in ZAP?
To automatically discover new resources on a site
What is a key concept in web application security that is related to hidden pages?
Obscurity is not security
How is a spider typically started in ZAP?
With a list of URLs to visit, called the seeds
What is the result of ZAP's passive scanning during manual exploration of a web application?
A record of alerts for potential vulnerabilities found
Test your understanding of ZAP's passive scanning feature, which safely analyzes HTTP messages to identify vulnerabilities in web applications. Learn how to configure the passive scanner and its behavior. Take this quiz to explore the capabilities of ZAP's passive scanning.