# OWASP ZAP Rules Configuration
# Format: rule_id WARN/FAIL/IGNORE description

# SQL Injection
40018 FAIL SQL Injection

# Cross-Site Scripting (XSS)
40012 FAIL Cross Site Scripting (Reflected)
40014 FAIL Cross Site Scripting (Persistent)
40016 FAIL Cross Site Scripting (DOM Based)

# Remote Code Execution
90019 FAIL Code Injection
90020 FAIL Remote OS Command Injection

# Authentication/Session Management
10040 FAIL Secure Pages Include Mixed Content
10043 FAIL User Controllable JavaScript Event
10055 FAIL CSP Scanner
10098 WARN Cross-Domain Misconfiguration

# Sensitive Data Exposure
10054 FAIL Cookie Without Secure Flag
10056 FAIL X-Frame-Options Header Not Set
10063 FAIL Feature Policy Header Not Set
10096 WARN Timestamp Disclosure

# Security Misconfigurations
10015 WARN Re-examine Cache-control Directives
10021 WARN X-Content-Type-Options Header Missing
10035 FAIL Strict-Transport-Security Header Not Set
10109 WARN Modern Web Application
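A rules file like the one above is only useful if every line actually parses and the FAIL/WARN split is what the CI gate expects. The following validator is an added example, not part of this configuration file and not code from the OWASP ZAP project. It checks each non-comment line against the "rule_id WARN/FAIL/IGNORE description" format stated in the file's own header, flags unknown actions, non-numeric ids and duplicate ids, and then computes the worst action triggered by a set of alert plugin ids. Two assumptions are the example's own: fields are split on any whitespace (the shipped zap-baseline config format is tab-separated), and an alert whose id is not listed is treated as WARN; neither is taken from the page.

```python
"""Validate a ZAP baseline rules file and compute the worst action for a
set of alert plugin ids. Added example; not part of ZAP or the page."""
from collections import Counter

VALID_ACTIONS = {"WARN", "FAIL", "IGNORE"}
# Assumption of this example: alerts whose plugin id is not in the file
# are treated as WARN rather than being ignored.
DEFAULT_ACTION = "WARN"

# Copy of the rules file from the page, embedded so the example runs offline.
SAMPLE_RULES = """\
# OWASP ZAP Rules Configuration
# Format: rule_id WARN/FAIL/IGNORE description

# SQL Injection
40018 FAIL SQL Injection

# Cross-Site Scripting (XSS)
40012 FAIL Cross Site Scripting (Reflected)
40014 FAIL Cross Site Scripting (Persistent)
40016 FAIL Cross Site Scripting (DOM Based)

# Remote Code Execution
90019 FAIL Code Injection
90020 FAIL Remote OS Command Injection

# Authentication/Session Management
10040 FAIL Secure Pages Include Mixed Content
10043 FAIL User Controllable JavaScript Event
10055 FAIL CSP Scanner
10098 WARN Cross-Domain Misconfiguration

# Sensitive Data Exposure
10054 FAIL Cookie Without Secure Flag
10056 FAIL X-Frame-Options Header Not Set
10063 FAIL Feature Policy Header Not Set
10096 WARN Timestamp Disclosure

# Security Misconfigurations
10015 WARN Re-examine Cache-control Directives
10021 WARN X-Content-Type-Options Header Missing
10035 FAIL Strict-Transport-Security Header Not Set
10109 WARN Modern Web Application
"""


def parse_rules(text):
    """Parse the rules text.

    Returns (rules, errors): rules is a list of (id, action, description)
    tuples in file order; errors is a list of human-readable problems.
    Comment lines (#) and blank lines are skipped. Fields are split on
    whitespace (assumption; the real config is tab-separated), with the
    description allowed to contain spaces.
    """
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 2:
            errors.append(f"line {lineno}: expected '<id> <action> [description]'")
            continue
        rule_id, action = parts[0], parts[1]
        description = parts[2] if len(parts) == 3 else ""
        if not rule_id.isdigit():
            errors.append(f"line {lineno}: rule id {rule_id!r} is not numeric")
            continue
        if action not in VALID_ACTIONS:
            errors.append(f"line {lineno}: action {action!r} not in {sorted(VALID_ACTIONS)}")
            continue
        rules.append((int(rule_id), action, description))
    # A duplicated id is ambiguous: the reader cannot tell which action wins.
    for rule_id, n in Counter(r[0] for r in rules).items():
        if n > 1:
            errors.append(f"rule {rule_id} is listed {n} times")
    return rules, errors


def summarize(rules):
    """Count rules per action, e.g. {'FAIL': 13, 'WARN': 5}."""
    return Counter(action for _, action, _ in rules)


def worst_action(rules, found_ids):
    """Return 'FAIL', 'WARN' or None for a set of alert plugin ids.

    FAIL outranks WARN; IGNORE never contributes. Unlisted ids use
    DEFAULT_ACTION (assumption of this example).
    """
    table = {rule_id: action for rule_id, action, _ in rules}
    rank = {"FAIL": 2, "WARN": 1}
    worst = None
    for alert_id in found_ids:
        action = table.get(alert_id, DEFAULT_ACTION)
        if action == "IGNORE":
            continue
        if worst is None or rank[action] > rank[worst]:
            worst = action
    return worst


if __name__ == "__main__":
    parsed, problems = parse_rules(SAMPLE_RULES)
    print(f"{len(parsed)} rules, {len(problems)} problems, counts={dict(summarize(parsed))}")
    for p in problems:
        print("  -", p)
```

Run it against a candidate rules file before wiring it into a pipeline: an empty `errors` list plus the expected FAIL/WARN counts is the check that the gate will behave as intended, and `worst_action` lets you replay a past alert list to see whether a rules change would have turned a warning-only run into a failing one.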