'How to scan particular URL or page alone in owasp zap
I have installed OWASP ZAP 2.8.0 and scan our site fully. In result we got some SQL injection URL's or pages. So We have fixed that SQL injection issues in development which is mentioned OWASP tool.
How to scan the particular page or URL in OWASP?
Example:
We have scan http://www.samples.com fully and in result we got below URL are SQL injection possible. http://www.samples.com/sales
So In development we have provided some fix for this page alone. If we scan http://www.samples.com/sales again to check. It's scan our full website. It's take more then 2 days to complete. How to scan that particular page or URL in OWASP?
I have tried this - https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsImporturlsImportUrls but not works.
Thanks,
Solution 1:[1]
The "Select the leaf node in the Site Tree instead of a parent node." way is not working for me - my tests are running scheduled/automated. Whenever I start my ZAP GUI, the site tree will be empty
The best way I figured out was the following:
Define a Context/Use the default Context to point to "http://www.samples.com/sales.*" instead of using "http://www.samples.com"
Now I think, I should be able to just right-click the Context and select "Active Scan", but if I do so, my Scan task won't make any Progress (using ZAP 2.11.1 - Bug?)
Instead, I create an "Full Scan" "Automation Task" on this context. In my case, the spider job will be done in a few seconds, and the scan task in 4-5 minutes (Instead of scanning the entire page for 20H)
The active scan part will still include default URLs like "http://www.samples.com/WEB-iNF/web.xml" though
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | General Grievance |