An alert is a potential vulnerability and is associated with a specific request. A request can have more than one alert.
Alerts are shown in the UI with a flag indicating the risk:
- High
- Medium
- Low
- Informational
- False Positive
Alerts can be raised by various ZAP components, including but not limited to active scanning, passive scanning, scripts, and add-ons (extensions), or manually using the Add Alert dialog (which also allows you to update or change alert details).
Alerts are flagged in the History tab with a flag which indicates the highest risk alert. All alerts are listed in the Alerts tab and a count of the total number of alerts by risk is shown in the footer.
Alerts raised by ZAP include both generic and specific information. The specific information relates directly to the potential issue found, such as the URL and the parameter affected. The generic information includes things like a description and links to related online resources.
You can replace or add to the generic information using an 'alert override' configuration file. This allows you to include information that is specific to your company such as mandated policies, internal links or advice for specific technologies you use.
An alert override configuration file is a UTF-8 property file containing just the information you would like to change. Lines starting with '#' are treated as comments and ignored.
The format is:
<alertid>.<property> = [ + | - ] <your information>
The following properties are supported:
- name
- description
- solution
- otherInfo
- reference
For example:
# 40012 = Reflected XSS
40012.solution = Follow our company specific guidelines at http://internet.example.com/xss.html
If the value starts with a '+' then it is appended to the existing information. If it starts with a '-' then it is prepended to the existing information. If it does not start with a '+' or '-' then it replaces the existing information.
The alert override configuration file can be specified via the API, the Options Alerts screen, or the command line option:
-config alert.overridesFilename=<filename>
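A way to check an override file against the format described above before loading it, as an added example that is not ZAP's own code. It assumes numeric alert IDs, simple `key = value` lines without Java property escapes or line continuations, and that appended or prepended text is joined with no separator; the sample file is constructed.

```python
import re

# Properties the page lists as supported; parsing is simplified (no Java escapes).
SUPPORTED = {"name", "description", "solution", "otherInfo", "reference"}
LINE_RE = re.compile(r"^(\d+)\.(\w+)\s*=\s*(.*)$")  # assumes numeric alert ids


def parse_overrides(text):
    """Return ({(alert_id, prop): (mode, value)}, [problems])."""
    overrides, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comments are ignored
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not <alertid>.<property> = <value>")
            continue
        alert_id, prop, value = int(m.group(1)), m.group(2), m.group(3)
        if prop not in SUPPORTED:
            problems.append(f"line {lineno}: unsupported property '{prop}'")
            continue
        if value[:1] == "+":
            mode, value = "append", value[1:]
        elif value[:1] == "-":
            mode, value = "prepend", value[1:]
        else:
            mode = "replace"
        overrides[(alert_id, prop)] = (mode, value)
    return overrides, problems


def apply_override(existing, mode, value):
    """Combine existing generic text with an override (assumption: no separator added)."""
    if mode == "append":
        return existing + value
    if mode == "prepend":
        return value + existing
    return value


# Constructed sample file; the solution line is the page's own example.
SAMPLE = """\
# 40012 = Reflected XSS
40012.solution = Follow our company specific guidelines at http://internet.example.com/xss.html
40012.reference = + http://internet.example.com/xss.html
40012.description = -See the internal XSS policy first.
40012.severity = High
"""
```

The last sample line uses a property that is not in the supported list, so it is reported as a problem instead of being silently dropped.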
- UI Overview: for an overview of the user interface
- Features: provided by ZAP