Projects/OWASP Zed Attack Proxy Project/Releases/ZAP 1.2.0/Notes
The following changes were made in this release:
Memory leaks have been fixed in the active scanner and spider.
External applications can now be invoked from the Sites and History tabs.
The passive scanner now looks for vulnerabilities, such as:
- Autocomplete forms with password fields
- Cookies without the 'HttpOnly' flag
- SSL Cookies without the 'secure' flag
- Weak authentication
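The first three checks in this list can be made from a single response without sending any extra traffic. The sketch below is an added example and is not ZAP's own code: the function name, the alert labels and the sample response are all constructed for illustration, and the 'Weak authentication' check is left out.

```python
from html.parser import HTMLParser

class _PasswordFields(HTMLParser):
    """Collects password inputs whose autocomplete is not disabled."""
    def __init__(self):
        super().__init__()
        self.form_off = False   # True while inside <form autocomplete="off">
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input" and a.get("type") == "password":
            if not self.form_off and a.get("autocomplete") != "off":
                self.findings.append(a.get("name", "?"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def passive_scan(url, headers, body):
    """Inspect one response; headers is a list of (name, value) tuples."""
    alerts = []
    https = url.lower().startswith("https://")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in flags:
            alerts.append(("cookie-no-httponly", cookie))
        if https and "secure" not in flags:   # only relevant on SSL responses
            alerts.append(("ssl-cookie-no-secure", cookie))
    parser = _PasswordFields()
    parser.feed(body)
    alerts += [("password-autocomplete", f) for f in parser.findings]
    return alerts

# Constructed sample response (not captured traffic)
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly"),
]
SAMPLE_BODY = ('<form action="/login"><input name="user">'
               '<input type="password" name="pw"></form>'
               '<form autocomplete="off"><input type=password name=pin></form>')

if __name__ == "__main__":
    for alert in passive_scan("https://app.example/login", SAMPLE_HEADERS, SAMPLE_BODY):
        print(alert)
```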
A new 'Generate XML Report...' menu item is now included in the top level Reports menu.
Manual Request Editor and Resend dialogs
Requests submitted by the Manual Request Editor and Resend dialogs are now shown in the Sites and History tabs. A new 'Method' pull down allows you to switch between the HTTP methods; this automatically moves parameters between the URL and the body when a POST method is selected or deselected.
The Sites tab now shows any alerts as flags to the right of any node names. The alert counts in the footer now show the number of different types of alerts rather than the total number of instances.
Active scanner delay option
The delay in milliseconds between each active scanner request can now be set via the Options Active Scan screen. This will increase the time an active scan takes but will reduce the load on the target.
The Sites tab now takes up all of the left hand side - this can be changed back via the Options Display screen if required.
The 'toolbar' on the Request, Response and Break tabs and the Manual Request Editor and Resend dialogs is now at the top rather than the bottom.
The scanner counts in the footer are now displayed on the right hand side.