Alerts

An alert is a potential vulnerability and is associated with a specific request.
A request can have more than one alert.

Alerts are shown in the UI with a flag indicating the risk:

High
Medium
Low
Informational
False Positive

Alerts can be raised by various ZAP components, including but not limited to: active scanning, passive scanning, scripts, by addons (extensions), or manually using the Add Alert dialog (which also allows you to update or change alert details/information).

Alerts are flagged in the History tab with a flag which indicates the highest risk alert.
All alerts are listed in the Alerts tab and a count of the total number of alerts by risk is shown in the footer.

Alert overrides

Alerts raised by ZAP include both generic and specific information about the alerts raised. The specific information relates directly to the potential issue found, such as the URL and the parameter affected. The generic information includes things like a description and links to related online resources.

You can replace or add to the generic information using an ‘alert override’ configuration file. This allows you to include information that is specific to your company such as mandated policies, internal links or advice for specific technologies you use.

An alert override configuration file is a UTF-8 property file containing just the information you would like to change. Lines starting with ‘#’ are treated as comments and ignored.

The format is:

<alertid>.<property> = [ + | - ] <your information>

The following properties are supported:

  • name
  • description
  • solution
  • otherInfo
  • reference

The format for alert tags is:

<alertid>.tag.<key> = [ + | - ] [ <value> ]

Note that:

  • Spaces in the tag key must be escaped with a backslash.
  • The tag value is optional.

For example

# 40012 = Reflected XSS
40012.solution = Follow our company specific guidelines at http://internet.example.com/xss.html
40012.tag.Bug\ Tracker\ URL = https://example.com/issues/1234

If the value starts with a ‘+’ then it is appended to the existing information.
If it starts with a ‘-’ then it is prepended to the existing information.
If it does not start with a ‘+’ or ‘-’ then it replaces the existing information.

The alert override configuration file can be specified via the API, Options Alert screen or using the command line option:

-config alert.overridesFilename=<filename>

See also

UI Overview for an overview of the user interface
Features provided by ZAP