ZAP Full Scan Report #110
Description
-
Site: http://www.zaproxy.org
New Alerts- HTTPS Content Available via HTTP [10047] total: 6:
- https://www.zaproxy.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
- https://www.zaproxy.org/cdn-cgi/styles/cf.errors.css
- https://www.zaproxy.org/cdn-cgi/scripts/zepto.min.js
- https://www.zaproxy.org/cdn-cgi/scripts/cf.common.js
- https://www.zaproxy.org/cdn-cgi/styles/cf.errors.ie.css
- ..
- HTTPS Content Available via HTTP [10047] total: 6:
-
Site: https://www.zaproxy.org
New Alerts- Strict-Transport-Security Header Not Set [10035] total: 20:
- https://www.zaproxy.org/blog/2016-02-19-zap-newsletter-2016-february/images/image05.png
- https://www.zaproxy.org/docs/desktop/addons/hud/index.xml
- https://www.zaproxy.org/img/faq/installedAddonVersion.png
- https://www.zaproxy.org/docs/desktop/images/10/137.png
- https://www.zaproxy.org/docs/desktop/images/16/142.png
- ..
- Cross-Domain Misconfiguration [10098] total: 20:
- https://www.zaproxy.org/img/faq/supportAddonVersion.png
- https://www.zaproxy.org/blog/2020-03-04-dark-mode-in-the-weekly-release/images/zap-dark-desktop.png
- https://www.zaproxy.org/getting-started/images/alert-icons.png
- https://www.zaproxy.org/blog/2016-02-19-zap-newsletter-2016-february/images/Contexts1.png
- https://www.zaproxy.org/blog/2015-12-15-zap-newsletter-2015-december/images/custom-http-breakpoint.png
- ..
- Cookie Slack Detector [90027] total: 20:
- https://www.zaproxy.org/docs/desktop/ui/dialogs/session/context-struct/
- https://www.zaproxy.org/docs/desktop/addons/birt-reports/
- https://www.zaproxy.org/docs/desktop/addons/token-generator
- https://www.zaproxy.org/docs/desktop/addons/index.xml
- https://www.zaproxy.org/blog/2016-02-19-zap-newsletter-2016-february/images/image02.png
- ..
- Proxy Disclosure [40025] total: 20:
- Retrieved from Cache [10050] total: 20:
- https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/index.xml
- https://www.zaproxy.org/docs/desktop/addons/ajax-spider/tab/
- https://www.zaproxy.org/support/
- https://www.zaproxy.org/docs/desktop/addons/plug-n-hack/clientstab/
- https://www.zaproxy.org/docs/desktop/ui/dialogs/options/callback/
- ..
- Apache Range Header DoS (CVE-2011-3192) [10053] total: 20:
- https://www.zaproxy.org/blog/2016-01-04-zap-newsletter-2016-january/images/shodan2.png
- https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/images/scan-job.png
- https://www.zaproxy.org/img/authors/simon-bennetts_400x400.jpg
- https://www.zaproxy.org/getting-started/images/zap-qstart-manualexplore.png
- https://www.zaproxy.org/getting-started/images/hud-welcome.png
- ..
- User Agent Fuzzer [10104] total: 20:
- https://www.zaproxy.org/blog/2016-02-19-zap-newsletter-2016-february/images/Contexts-users.png
- https://www.zaproxy.org/docs/desktop/addons/access-control-testing/index.xml
- https://www.zaproxy.org/blog/2020-03-09-zap-ssrf-setup/
- https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/index.xml
- https://www.zaproxy.org/docs/desktop/addons/diff/index.xml
- ..
- Cross-Domain JavaScript Source File Inclusion [10017] total: 20:
- https://www.zaproxy.org/docs/desktop/addons/openapi-support/
- https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/
- https://www.zaproxy.org/docs/desktop/addons/save-xml-message/
- https://www.zaproxy.org/docs/desktop/start/features/notes/
- https://www.zaproxy.org/docs/desktop/start/features/modes/
- ..
- X-Content-Type-Options Header Missing [10021] total: 20:
- https://www.zaproxy.org/docs/desktop/addons/browser-view/index.xml
- https://www.zaproxy.org/docs/desktop/images/16/152.png
- https://www.zaproxy.org/docs/desktop/images/fugue/application-blue-export.png
- https://www.zaproxy.org/blog/2016-11-22-announcing-the-official-zap-jenkins-plugin/images/ZAP_CI_SMALLER.png
- https://www.zaproxy.org/docs/desktop/addons/call-graph/index.xml
- ..
- Timestamp Disclosure - Unix [10096] total: 20:
- https://www.zaproxy.org/blog/2014-03-10-hacking-zap-1-why-should-you/
- https://www.zaproxy.org/docs/desktop/releases/2.3.0/
- https://www.zaproxy.org/docs/desktop/addons/import-urls/
- https://www.zaproxy.org/pdf/ZAPGettingStartedGuide-2.9.pdf
- https://www.zaproxy.org/docs/desktop/addons/forced-browse/options/
- ..
- Content Security Policy (CSP) Header Not Set [10038] total: 20:
- Incomplete or No Cache-control and Pragma HTTP Header Set [10015] total: 20:
- https://www.zaproxy.org/docs/desktop/start/features/users/
- https://www.zaproxy.org/docs/desktop/addons/community-scripts/index.xml
- https://www.zaproxy.org/docs/desktop/releases/1.3.1/
- https://www.zaproxy.org/docs/desktop/ui/dialogs/options/breakpoints/
- https://www.zaproxy.org/docs/desktop/addons/ajax-spider/index.xml
- ..
- Backup File Disclosure [10095] total: 20:
- https://www.zaproxy.org/docs/desktop/addons/websockets/images/054.~bk
- [https://www.zaproxy.org/docs/desktop/addons/openapi-support - Copy (3)/index.xml](https://www.zaproxy.org/docs/desktop/addons/openapi-support - Copy (3)/index.xml)
- https://www.zaproxy.org/docs/desktop/addons/websockets/images/054.old
- [https://www.zaproxy.org/docs/desktop/addons/websockets/images/Copy of 054.png](https://www.zaproxy.org/docs/desktop/addons/websockets/images/Copy of 054.png)
- [https://www.zaproxy.org/blog/2016-02-19-zap-newsletter-2016-february/images/image03 - Copy.png](https://www.zaproxy.org/blog/2016-02-19-zap-newsletter-2016-february/images/image03 - Copy.png)
- ..
- Trace.axd Information Leak [40029] total: 1:
- Application Error Disclosure [90022] total: 3:
- Information Disclosure - Debug Error Messages [10023] total: 2:
- Directory Browsing [0] total: 1:
- Cookie Without Secure Flag [10011] total: 2:
- Information Disclosure - Suspicious Comments [10027] total: 4:
- PII Scanner [10062] total: 1:
- Private IP Disclosure [2] total: 4:
- Loosely Scoped Cookie [90033] total: 3:
- Reverse Tabnabbing [10108] total: 1:
- Strict-Transport-Security Header Not Set [10035] total: 20:
View the following link to download the report.
RunnerID:91223515