OWASP ZAP wavsep results

Generated: 2017-11-12 04:29

Total Score

53%

ZAP Version: D-2017-11-06
URLs found: 1910

Top Level Scores

| Top Level | Pass | Fail | Score |
|---|---|---|---|
| DOM-XSS | 0 | 5 | 0% |
| LFI | 340 | 467 | 42% |
| Obsolete-Files | 1 | 0 | 100% |
| Plugin | Time (h:mm:ss.ms) | Reqs | Quality |
|---|---|---|---|
| Path Traversal | 0:03:17.845 | 19998 | release |
| Remote File Inclusion | 0:03:19.899 | 12591 | release |
| Server Side Include | 0:03:17.682 | 10172 | release |
| Cross Site Scripting (Reflected) | 0:03:17.577 | 7500 | release |
| Cross Site Scripting (Persistent) - Prime | 0:03:13.952 | 2578 | release |
| Cross Site Scripting (Persistent) - Spider | 0:03:12.294 | 1966 | release |
| Cross Site Scripting (Persistent) | 0:01:56.056 | 0 | release |
| SQL Injection | 0:03:21.200 | 18019 | release |
| Server Side Code Injection | 0:03:17.921 | 20623 | release |
| Remote OS Command Injection | 0:03:18.371 | 30935 | release |
| Directory Browsing | 0:03:12.278 | 1966 | release |
| External Redirect | 0:03:17.850 | 7640 | release |
| Buffer Overflow | 0:03:14.035 | 2434 | release |
| Format String Error | 0:03:16.276 | 7259 | release |
| CRLF Injection | 0:03:17.602 | 18046 | release |
| Parameter Tampering | 0:03:16.932 | 16189 | release |
| Script Active Scan Rules | 0:00:00.001 | 0 | release |
| Source Code Disclosure - SVN | 0:03:01.447 | 1867 | beta |
| Source Code Disclosure - /WEB-INF folder | 0:00:00.012 | 4 | beta |
| Remote Code Execution - Shell Shock | 0:03:17.353 | 5156 | beta |
| Anti CSRF Tokens Scanner | 0:01:08.645 | 606 | beta |
| Heartbleed OpenSSL Vulnerability | 0:00:00.004 | 3 | beta |
| Cross-Domain Misconfiguration | 0:00:00.030 | 2 | beta |
| Source Code Disclosure - CVE-2012-1823 | 0:02:42.605 | 1613 | beta |
| Remote Code Execution - CVE-2012-1823 | 0:03:16.899 | 3932 | beta |
| Session Fixation | 0:00:01.774 | 0 | beta |
| SQL Injection - MySQL | 0:22:51.371 | 10028 | beta |
| SQL Injection - Hypersonic SQL | 0:03:18.802 | 10309 | beta |
| SQL Injection - Oracle | 0:03:17.719 | 10312 | beta |
| SQL Injection - PostgreSQL | 0:03:17.703 | 10309 | beta |
| Advanced SQL Injection | 0:23:50.752 | 591629 | beta |
| XPath Injection | 0:03:20.016 | 7734 | beta |
| XML External Entity Attack | 0:00:01.045 | 0 | beta |
| Generic Padding Oracle | 0:01:56.450 | 2 | beta |
| Expression Language Injection | 0:03:14.703 | 2543 | beta |
| Backup File Disclosure | 0:03:09.572 | 33296 | beta |
| Integer Overflow Error | 0:03:15.334 | 9558 | beta |
| Insecure HTTP Method | 0:03:11.684 | 1966 | beta |
| HTTP Parameter Pollution scanner | 0:01:10.523 | 558 | beta |
| Possible Username Enumeration | 0:00:00.000 | 0 | beta |
| Source Code Disclosure - Git | 0:00:14.742 | 0 | alpha |
| Source Code Disclosure - File Inclusion | 0:28:06.332 | 7793 | alpha |
| Httpoxy - Proxy Header Misuse | 0:03:17.682 | 7864 | alpha |
| LDAP Injection | 2:17:03.531 | 16486 | alpha |
| SQL Injection - SQLite | 0:03:20.809 | 51186 | alpha |
| Cross Site Scripting (DOM Based) | 0:03:42.909 | 456 | alpha |
| SQL Injection - MsSQL | 0:03:18.975 | 6510 | alpha |
| Example Active Scanner: Denial of Service | 0:01:53.625 | 0 | alpha |
| An example active scan rule which loads data from a file | 0:01:56.644 | 0 | alpha |
| SOAP Action Spoofing | 0:00:04.185 | 0 | alpha |
| SOAP XML Injection | 0:01:57.000 | 0 | alpha |
| Relative Path Confusion | 0:03:06.704 | 1892 | alpha |
| Apache Range Header DoS (CVE-2011-3192) | 0:03:12.754 | 1974 | alpha |
| User Agent Fuzzer | 0:03:17.471 | 13727 | alpha |
| HTTP Only Site | 0:00:00.012 | 0 | alpha |
| Proxy Disclosure | 0:03:17.879 | 11796 | alpha |
| ELMAH Information Leak | 0:00:00.020 | 1 | alpha |
| Trace.axd Information Leak | 0:00:11.585 | 70 | alpha |
| HTTPS Content Available via HTTP | 0:00:02.180 | 0 | alpha |
| Cookie Slack Detector | 0:03:17.878 | 13302 | alpha |
| Total | 5:41:55 | - | - |