Jenkins : zap-plugin How To Attack Mode

Attack Mode

  1. Starting Point
     
    • The starting point is the request (URL) from which all attacks originate.

      Info: Specify an absolute URL (scheme, host, port and path) as the starting point, e.g.:

      http://localhost:8180/bodgeit/

      Info: Accepts system environment variables, build variables and Environment Inject Plugin variables (EnvInject variables cannot be used during pre-build).

  2. Spider Scan: crawls from the starting point and evaluates the resulting traffic for Passive alerts.
     
    • Recurse Default: True

      Info: If you select 'Recurse' then all of the nodes underneath the one specified will also be used to seed the spider.

    • Subtree Only Default: False

      Info: If you select 'Subtree Only' the spider will only access resources that are under the starting point (URI). When evaluating if a resource is found within the specified subtree, the spider considers only the scheme, host, port, and path components of the URI.

    • Max Children to Crawl Default: 0

      Info: Specify the 'Max Children to Crawl'. This parameter limits the number of children that will be crawled at every node in the tree. It is useful for data-driven applications with large numbers of 'pages' that are in fact the same code serving different data, for example from a database. The default of zero means no limit is applied to the number of child nodes crawled.

  3. AJAX Spider
     
    • In Scope Only Default: False

      Info: If you select 'In Scope Only' then any URLs which are out of scope will be ignored.

      Notice: The AJAX Spider does not support authentication, so it will only reach what an unauthenticated browser can.

  4. Active Scan: attacks the starting point and evaluates it for Active alerts.
     
    • Policy

      Info: Select a ZAP scan policy to use for the Active Scan. The policy files must be stored in the path provided for 'ZAP Settings' (ZAP keeps them as <name>.policy files under its policies directory, and the policy is referenced by that name). "Default Policy" is used if no policy is specified.

    • Recurse Default: True

      Info: If you select 'Recurse' then all of the nodes underneath the one selected will also be scanned. Custom input vectors are only supported if this option is not selected.
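
The same Attack Mode sequence (spider, AJAX spider, active scan, then collect alerts) can be driven against ZAP's REST API directly, which is useful for checking what a given set of options does before wiring it into a job. The following is an added example written for this page, not the zap-plugin's own code: it assumes a ZAP instance at http://localhost:8080 with a known API key, uses the page's bodgeit URL as the default target, and includes a 'Subtree Only' check built from the page's description (scheme, host, port and path only; treating the start path as a directory prefix is this example's choice, not a claim about ZAP's exact comparison).

```python
"""
Added example (not the zap-plugin's own code): the Attack Mode sequence on
this page, spider -> AJAX spider -> active scan -> alerts, issued directly
against ZAP's REST API with urllib. Assumes a ZAP instance at
http://localhost:8080 whose API key is known; the default target is the
page's bodgeit example.
"""
import json
import os
import time
import urllib.parse
import urllib.request

ZAP = "http://localhost:8080"   # assumed ZAP API address
API_KEY = "change-me"           # assumed; ZAP refuses API actions without a key by default

DEFAULT_PORTS = {"http": 80, "https": 443}


def validate_starting_point(url):
    """The starting point must be an absolute http(s) URL, e.g. http://localhost:8180/bodgeit/."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.netloc:
        raise ValueError("starting point must be an absolute http(s) URL, got %r" % url)
    return url


def in_subtree(starting_point, candidate):
    """'Subtree Only' check as the page describes it: only scheme, host, port
    and path are compared; query string and fragment are ignored. Treating the
    start path as a directory prefix (so /bodgeit/ does not match /bodgeitx/)
    is this example's choice, not a claim about ZAP's exact comparison."""
    def origin(p):
        return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

    s = urllib.parse.urlsplit(starting_point)
    c = urllib.parse.urlsplit(candidate)
    if origin(s) != origin(c):
        return False
    prefix = s.path if s.path.endswith("/") else s.path + "/"
    return c.path == s.path or c.path.startswith(prefix)


def attack_mode_requests(starting_point, spider_recurse=True, subtree_only=False,
                         max_children=0, ajax_in_scope_only=False,
                         policy=None, ascan_recurse=True):
    """Map the page's Attack Mode options onto ZAP API calls, in execution order.
    Defaults are the page's defaults; max_children=0 means no limit, and
    policy=None leaves scanPolicyName out so ZAP falls back to its default policy."""
    def flag(b):
        return "true" if b else "false"

    spider = {"url": starting_point, "recurse": flag(spider_recurse),
              "subtreeOnly": flag(subtree_only), "maxChildren": str(max_children)}
    ajax = {"url": starting_point, "inScope": flag(ajax_in_scope_only)}
    ascan = {"url": starting_point, "recurse": flag(ascan_recurse)}
    if policy:
        ascan["scanPolicyName"] = policy
    return [("/JSON/spider/action/scan/", spider),
            ("/JSON/ajaxSpider/action/scan/", ajax),
            ("/JSON/ascan/action/scan/", ascan)]


def zap_call(path, params):
    """GET one ZAP API endpoint, sending the key in the X-ZAP-API-Key header."""
    url = ZAP + path + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_until_done(status_path, params):
    """Poll a status view: spider and ascan report a percentage, the AJAX spider reports 'stopped'."""
    while zap_call(status_path, params).get("status") not in ("100", "stopped"):
        time.sleep(2)


def run_attack_mode(starting_point, **options):
    """Run the full sequence against a live ZAP and return the alerts raised for the target."""
    validate_starting_point(starting_point)
    spider, ajax, ascan = attack_mode_requests(starting_point, **options)

    scan_id = zap_call(*spider)["scan"]
    wait_until_done("/JSON/spider/view/status/", {"scanId": scan_id})

    zap_call(*ajax)
    wait_until_done("/JSON/ajaxSpider/view/status/", {})

    scan_id = zap_call(*ascan)["scan"]
    wait_until_done("/JSON/ascan/view/status/", {"scanId": scan_id})

    return zap_call("/JSON/core/view/alerts/", {"baseurl": starting_point})["alerts"]


if __name__ == "__main__":
    # Like the plugin's variable expansion, take the starting point from the environment.
    target = os.environ.get("ZAP_STARTING_POINT", "http://localhost:8180/bodgeit/")
    for alert in run_attack_mode(target, subtree_only=True):
        print(alert["risk"], alert["alert"], alert["url"])
```

Run it with `ZAP_STARTING_POINT=http://localhost:8180/bodgeit/ python3 attack_mode.py` while ZAP is listening on port 8080; `attack_mode_requests` and `in_subtree` need no running ZAP, so the option-to-parameter mapping and the subtree rule can be checked without a target.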

Attachments:

attack_modes.png (image/png)