ZAP Passive Scanning
18 Questions

Questions and Answers

What is the main objective of active scanning in ZAP?

  • To review results of a scan
  • To attempt to find potential vulnerabilities by using known attacks (correct)
  • To identify logical vulnerabilities in a web application
  • To capture and iterate through websites

What is the purpose of Scan Policies in ZAP?

  • To configure active scanning rules (correct)
  • To review results of a scan
  • To set up passive scanning rules
  • To add authentication to a scan

What is a limitation of active scanning in ZAP?

  • It can only scan web applications that you own
  • It can only find certain types of vulnerabilities (correct)
  • It can find all types of vulnerabilities, including logical ones
  • It does not require any configuration

How is active scanning configured in ZAP?

  • Using the Options Active Scan screen

What is the purpose of passive scanning in ZAP?

  • To identify potential vulnerabilities without attacking the target

What is NOT a feature of ZAP?

  • Automated tagging

What is the primary purpose of passive scanning in ZAP?

  • To scan all HTTP messages sent to the web application

What is configured using the Options Passive Scan Tags screen?

  • The rules for automatic tagging

What is a limitation of passive scanning in ZAP?

  • It cannot discover pages protected by a login page

What can be configured using the Options Passive Scan Rules screen?

  • The alerts raised by passive scanners

What is the main benefit of passive scanning in ZAP?

  • It is safe to use and does not slow down the exploration of an application

What is the primary difference between passive scanning and manual exploration in ZAP?

  • Passive scanning has limitations in discovering pages protected by a login page

What is a limitation of solely relying on spiders for vulnerability scanning?

  • They may not find all resources on a site, especially hidden pages

What is the benefit of using a browser to explore a web application with ZAP proxying?

  • It allows ZAP to passively scan for vulnerabilities and build the site tree

What is the primary purpose of a spider in ZAP?

  • To automatically discover new resources on a site

What is a key concept in web application security that is related to hidden pages?

  • Obscurity is not security

How is a spider typically started in ZAP?

  • With a list of URLs to visit, called the seeds

What is the result of ZAP's passive scanning during manual exploration of a web application?

  • A record of alerts for potential vulnerabilities found
