Questions and Answers
What is the main objective of active scanning in ZAP?
- To review results of a scan
- To attempt to find potential vulnerabilities by using known attacks (correct)
- To identify logical vulnerabilities in a web application
- To capture and iterate through websites
What is the purpose of Scan Policies in ZAP?
- To configure active scanning rules (correct)
- To review results of a scan
- To set up passive scanning rules
- To add authentication to a scan
What is a limitation of active scanning in ZAP?
- It can only scan web applications that you own
- It can only find certain types of vulnerabilities (correct)
- It can find all types of vulnerabilities, including logical ones
- It does not require any configuration
How is active scanning configured in ZAP?
What is the purpose of passive scanning in ZAP?
What is NOT a feature of ZAP?
What is the primary purpose of passive scanning in ZAP?
What is configured using the Options Passive Scan Tags screen?
What is a limitation of passive scanning in ZAP?
What can be configured using the Options Passive Scan Rules screen?
What is the main benefit of passive scanning in ZAP?
What is the primary difference between passive scanning and manual exploration in ZAP?
What is a limitation of solely relying on spiders for vulnerability scanning?
What is the benefit of using a browser to explore a web application with ZAP proxying?
What is the primary purpose of a spider in ZAP?
What is a key concept in web application security that is related to hidden pages?
How is a spider typically started in ZAP?
What is the result of ZAP's passive scanning during manual exploration of a web application?