ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications

2015-09-10T18:47:00
ID KITPLOIT:209585704668451081
Type kitploit
Reporter KitPloit
Modified 2015-09-10T18:47:00

Description

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Release 2.4.2

The following changes were made in this release:

Enhancements:

  • Issue 1306 : Java PermSize command line flag removed in Java 8
  • Issue 1593 : Auto-scroll in Spider tab
  • Issue 1600 : Don't report X-Frame-Options alert on 403 and 404 pages
  • Issue 1654 : httpSessions/createEmptySession should initialize a site that was not previously visited
  • Issue 1702 : Add "recurse" option to the spider API
  • Issue 1715 : Unable to pass arguments when launching ZAP from the command line on Mac OS X
  • Issue 1766 : Remove context via the API
  • Issue 1768 : Update to use a more recent user-agent
  • Issue 1778 : Passive scan AJAX spider requests
  • Issue 1790 : Move Buffer Overflow Scanner from Beta to Release
  • Issue 1793 : Allow active scan scripts to check if the scan was stopped
  • Issue 1795 : Allow JVM options to be configured via GUI
  • Issue 1799 : Minor Feature Request: Allow URL to be pasted into start Spider dialog.
  • Issue 1802 : Minor Enhancement: Change active Pause Button to a Play button
  • Issue 1849 : Option to merge related issues in reports
  • Issue 1857 : Libraries that were updated
  • Issue 1865 : Increase maximum db size

Bug fixes:

  • Issue 1760 : Unable to initialize home directory! xml/config.xml (No such file or directory)
  • Issue 1763 : Automatic check for updates fails to report new versions
  • Issue 1770 : Exceptions when calling (some) context API actions in daemon mode
  • Issue 1771 : For OSX the zap.sh in the core download hard-codes the relative java location
  • Issue 1772 : On OS X, Found Java version lies
  • Issue 1777 : "Cannot locate configuration source null.policy" after opening "Active Scan" dialogue
  • Issue 1781 : ZAP errors with "Unsupported option '-psn_x_xxxxxxx'" on OS X
  • Issue 1784 : NullPointerException when active scanning through the API with a target without scheme
  • Issue 1785 : Plugin enabled even if dependencies are not, "hangs" active scan
  • Issue 1787 : Context not used by the Spider even if selected
  • Issue 1788 : Scan Progress Pane Needs Sorting Change
  • Issue 1789 : Forced Browse/AJAX Spider messages not restored to Sites tab
  • Issue 1792 : Report not generated in daemon mode
  • Issue 1798 : Stop Attack Feature Locks up ZAP?
  • Issue 1804 : Disable processing of XML external entities by default
  • Issue 1805 : ZAP API might not return the response in requested format on errors
  • Issue 1858 : Spider might report wrong progress after finishing
  • Issue 1872 : EDT accessed in daemon mode

Download ZAP 2.4.2