Professional Documents
Culture Documents
ZAP Scanning Report2
ZAP Scanning Report2
ZAP Scanning Report2
Contents
▪ About this report
▪ Report parameters
▪ Summaries
▪ Alerts
▪ Appendix
▪ Alert types
1 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
Contexts
Sites
▪ http://192.168.0.20
An included site must also be within one of the included contexts for its
data to be included in the report.
Risk levels
Excluded: None
Confidence levels
Summaries
Alert counts by risk and confidence
2 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
This table shows the number of alerts for each level of risk and confidence
included in the report.
Confidence
User
Confirmed Alto Medio Bajo Total
Alto 0 1 0 0 1
(0,0 %) (16,7 %) (0,0 %) (0,0 %) (16,7 %)
Medio 0 1 1 0 2
(0,0 %) (16,7 %) (16,7 %) (0,0 %) (33,3 %)
Bajo 0 1 2 0 3
Risk (0,0 %) (16,7 %) (33,3 %) (0,0 %) (50,0 %)
Informativo 0 0 0 0 0
(0,0 %) (0,0 %) (0,0 %) (0,0 %) (0,0 %)
Total 0 3 3 0 6
(0,0 %) (50,0 %) (50,0 %) (0,0 %) (100%)
This table shows, for each site for which one or more alerts were raised, the
number of alerts raised at each risk level.
Alerts with a confidence level of "False Positive" have been excluded from
these counts.
(The numbers in brackets are the number of alerts raised for the site at or
above that risk level.)
Risk
3 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
Informativo
Alto Medio Bajo (>= Informa
(= Alto) (>= Medio) (>= Bajo) tivo)
http://192.168.0.20 1 2 3 0
Site (1) (3) (6) (6)
This table shows the number of alerts of each alert type, together with the
alert type's risk level.
Total 6
4 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
Total 6
Alerts
Risk=Alto, Confidence=Alto (1)
http://192.168.0.20 (1)
▸ GET http://192.168.0.20
http://192.168.0.20 (1)
▸ GET http://192.168.0.20/robots.txt
http://192.168.0.20 (1)
5 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
▸ GET http://192.168.0.20
http://192.168.0.20 (1)
▸ GET http://192.168.0.20/robots.txt
http://192.168.0.20 (2)
▸ GET http://192.168.0.20/sitemap.xml
▸ GET http://192.168.0.20
Appendix
Alert types
6 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
PII Disclosure
CWE ID 359
WASC ID 13
CWE ID 693
WASC ID 15
Reference ▪ https://developer.mozilla.org/en-US/docs
/Web/Security
/CSP/Introducing_Content_Security_Policy
▪ https://cheatsheetseries.owasp.org
/cheatsheets
/Content_Security_Policy_Cheat_Sheet.html
▪ http://www.w3.org/TR/CSP/
▪ http://w3c.github.io/webappsec/specs
/content-security-policy/csp-
specification.dev.html
▪ http://www.html5rocks.com/en/tutorials
/security/content-security-policy/
▪ http://caniuse.com
/#feat=contentsecuritypolicy
7 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
▪ http://content-security-policy.com/
CWE ID 1021
WASC ID 15
Reference ▪ https://developer.mozilla.org/en-US/docs
/Web/HTTP/Headers/X-Frame-Options
CWE ID 200
WASC ID 13
Reference ▪ http://blogs.msdn.com/b/varunm/Archive
/2013/04/23/Remove-Unwanted-http-
Response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-don '
t-deje-la-respuesta-headers.html
8 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
CWE ID 200
WASC ID 13
Reference ▪ http://httpd.apache.org/docs/current
/mod/core.html#servertokens
▪ http://msdn.microsoft.com/en-us/library
/ff648552.aspx#ht_urlscan_007
▪ http://blogs.msdn.com/b/varunm/archive
/2013/04/23/remove-unwanted-http-response-
headers.aspx
▪ http://www.troyhunt.com/2012/02/shhh-
dont-let-your-response-headers.html
CWE ID 693
WASC ID 15
Reference ▪ http://msdn.microsoft.com/en-us/library
/ie/gg622941%28v=vs.85%29.aspx
▪ https://owasp.org/www-community
/Security_Headers
9 de 10 3/07/2023, 9:53 p. m.
ZAP Scanning Report2 file:///C:/Users/oscar.gonzalez/Downloads/ZAP/2023-07-03-ZAP-Repor...
10 de 10 3/07/2023, 9:53 p. m.