forked from zaproxy/zaproxy
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtest_zap.config
More file actions
52 lines (41 loc) · 2.05 KB
/
test_zap.config
File metadata and controls
52 lines (41 loc) · 2.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# ZAP generic-pytest configuration file
[Proxy]
# URL that ZAP is listening on, default: http://127.0.0.1:8080
url =
# The Directory ZAP is installed in, can be left blank if ZAP is in the default location on Windows
install =
# The home directory to use, ZAP will use a default one if this is not specified
home =
[Actions]
# Start ZAP at the start of the test?
start = true
# Comma separated list of URLs to Spider
#spider = http://127.0.0.1/,http://127.0.0.1/bodgeit
spider =
# Comma separated list of URLs to Scan
#scan = http://127.0.0.1
scan =
# If specified ZAP will save the session using this name - must not already exist
# TODO - add a timestamp to prevent clashes ;)
savesession =
# Stop ZAP at the end of the test?
stop = true
[Alerts]
# List of alerts to ignore - fields supported are: alert, risk, reliability, url, param
# Supplied values are treated as regexes, unsupplied values match everything
#ignore = {'alert':'X-Content-Type-Options header missing','risk':'Low','reliability':'Warning'}
# {'alert':'X-Frame-Options header not set','risk':'Informational','reliability':'Warning'}
# {'alert':'Cross Site Request Forgery','risk':'Medium','reliability':'Warning'}
# {'alert':'Weak\ HTTP\ authentication\ over\ an\ unsecured\ connection','risk':'Medium','reliability':'Warning'}
# {'alert':'Cookie\ set\ without\ HttpOnly\ flag','risk':'Low','reliability':'Warning'}
# {'alert':'Password\ Autocomplete\ in\ browser','risk':'Low','reliability':'Warning'}
ignore =
# List of alerts to require - i.e. test will fail unless at least one match, same format as the 'ignore' list
#require = {'alert':'Cross Site Request Forgery','risk':'Medium','reliability':'Warning'}
# {'alert':'Weak\ HTTP\ authentication\ over\ an\ unsecured\ connection','risk':'Medium','reliability':'Warning'}
# {'alert':'Cookie\ set\ without\ HttpOnly\ flag','risk':'Low','reliability':'Warning'}
require =
# File name in which the 'non ignored' alerts will be saved - these can be used as the basis
# of ignore/require alert lines (and are output regex escaped)
#savealerts = alerts.txt
savealerts =