# OWASP ZAP Rules Configuration
# Format: rule_id WARN/FAIL/IGNORE description

# SQL Injection
40018	FAIL	SQL Injection

# Cross-Site Scripting (XSS)
40012	FAIL	Cross Site Scripting (Reflected)
40014	FAIL	Cross Site Scripting (Persistent)
40016	FAIL	Cross Site Scripting (DOM Based)

# Remote Code Execution
90019	FAIL	Code Injection
90020	FAIL	Remote OS Command Injection

# Authentication/Session Management
10040	FAIL	Secure Pages Include Mixed Content
10043	FAIL	User Controllable JavaScript Event
10055	FAIL	CSP Scanner
10098	WARN	Cross-Domain Misconfiguration

# Sensitive Data Exposure
10054	FAIL	Cookie Without Secure Flag
10056	FAIL	X-Frame-Options Header Not Set
10063	FAIL	Feature Policy Header Not Set
10096	WARN	Timestamp Disclosure

# Security Misconfigurations
10015	WARN	Re-examine Cache-control Directives
10021	WARN	X-Content-Type-Options Header Missing
10035	FAIL	Strict-Transport-Security Header Not Set
10109	WARN	Modern Web Application