The following changes were made in this release:
A completely new fuzzing dialog has been introduced that allows multiple injection points to be attacked at the same time.
This supports new attack payloads, including the option to use scripts to generate the payloads, as well as pre- and post-attack manipulation and analysis.
New Active Scan, Spider and AJAX Spider dialogs have replaced the increasing number of right click ‘Attack’ options.
These provide easy access to all of the most common options and optionally a wide range of advanced options.
A new Scan Policy Manager dialog allows you to create as many Scan Policies as you need.
Scan policies define exactly which rules are run as part of an Active Scan.
They also define how these rules run, influencing how many requests are made and how likely potential issues are to be flagged.
By default only the essential tabs are now shown when ZAP starts up.
The remaining tabs are revealed when they are used (e.g. for the spider and active scanner) or when you display them via the special tab on the far right of each window with the green ‘+’ icon. This special tab disappears if there are no hidden tabs.
Tabs can be closed via a small ‘x’ icon which is shown when the tab is selected.
Tabs can also be ‘pinned’ using a small ‘pin’ icon that is also shown when the tab is selected - pinned tabs will be shown when ZAP next starts up.
A new optional ‘alpha’ quality add-on adds the ability to scan ‘sequences’ of web pages, in other words pages that must be visited in a strict order to work correctly.
A new optional ‘alpha’ quality add-on adds the ability to automate many aspects of access control testing.
Please be aware that the Plugin ID for the External Redirect scanner has changed from 30000 to 20019.
Introduction - the introduction to ZAP
Releases - the full set of releases
Credits - the people and groups who have made this release possible