ZAP Passive Scanning
18 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the main objective of active scanning in ZAP?

  • To review results of a scan
  • To attempt to find potential vulnerabilities by using known attacks (correct)
  • To identify logical vulnerabilities in a web application
  • To capture and iterate through websites

What is the purpose of Scan Policies in ZAP?

  • To configure active scanning rules (correct)
  • To review results of a scan
  • To set up passive scanning rules
  • To add authentication to a scan

What is a limitation of active scanning in ZAP?

  • It can only scan web applications that you own
  • It can only find certain types of vulnerabilities (correct)
  • It can find all types of vulnerabilities, including logical ones
  • It does not require any configuration

How is active scanning configured in ZAP?

<p>Using the Options Active Scan screen (D)</p> Signup and view all the answers

What is the purpose of passive scanning in ZAP?

<p>To identify potential vulnerabilities without attacking the target (C)</p> Signup and view all the answers

What is NOT a feature of ZAP?

<p>Automated tagging (C)</p> Signup and view all the answers

What is the primary purpose of passive scanning in ZAP?

<p>To scan all HTTP messages sent to the web application (B)</p> Signup and view all the answers

What is configured using the Options Passive Scan Tags screen?

<p>The rules for automatic tagging (C)</p> Signup and view all the answers

What is a limitation of passive scanning in ZAP?

<p>It cannot discover pages protected by a login page (A)</p> Signup and view all the answers

What can be configured using the Options Passive Scan Rules screen?

<p>The alerts raised by passive scanners (D)</p> Signup and view all the answers

What is the main benefit of passive scanning in ZAP?

<p>It is safe to use and does not slow down the exploration of an application (B)</p> Signup and view all the answers

What is the primary difference between passive scanning and manual exploration in ZAP?

<p>Passive scanning has limitations in discovering pages protected by a login page (D)</p> Signup and view all the answers

What is a limitation of solely relying on spiders for vulnerability scanning?

<p>They may not find all resources on a site, especially hidden pages (B)</p> Signup and view all the answers

What is the benefit of using a browser to explore a web application with ZAP proxying?

<p>It allows ZAP to passively scan for vulnerabilities and build the site tree (B)</p> Signup and view all the answers

What is the primary purpose of a spider in ZAP?

<p>To automatically discover new resources on a site (A)</p> Signup and view all the answers

What is a key concept in web application security that is related to hidden pages?

<p>Obscurity is not security (C)</p> Signup and view all the answers

How is a spider typically started in ZAP?

<p>With a list of URLs to visit, called the seeds (C)</p> Signup and view all the answers

What is the result of ZAP's passive scanning during manual exploration of a web application?

<p>A record of alerts for potential vulnerabilities found (B)</p> Signup and view all the answers

More Like This

Use Quizgecko on...
Browser
Open
Browser
Browser