GET YOUR VULNERABILITY AND THREAT DATABASE SUBSCRIPTION
EKOLABS 2016


Tools

Published on December 14th, 2015 | by MaxiSoler

0

OWASP ZAP v2.4.3 Released

OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Changelog v2.4.3

Enhancements:

  • Issue 1576 : Define URL path elements as ‘non structural’
  • Issue 1711 : Feature request: Option to specify number of token to be generated.
  • Issue 1768 : Update to use a more recent user-agent
  • Issue 1894 : ZAP only scans “User-Agent”, “Referer”, and “Host” request headers
  • Issue 1911 : Search AJAX spider requests
  • Issue 1913 : Pass all params across to zap.sh – debian package
  • Issue 1914 : Multiple add-on directories
  • Issue 1920 : Report the host:port ZAP is listening on in daemon mode, or exit if it cant
  • Issue 1927 : Enhancement: Break only for in-scope URLs.
  • Issue 1944 : Chart responses per second in ascan progress
  • Issue 1953 : Allow to spider a context through the ZAP API
  • Issue 1962 : Install and update add-ons from the command line
  • Issue 1975 : RC4-SHA SSL cipher suite not supported
  • Issue 1980 : Add ZAP CLI to Docker images
  • Issue 1985 : Bring up the Modify dialog if the user doubles on a row in a AbstractMultipleOptionsBaseTablePanel
  • Issue 2009 : Add Online links to the FAQ and Newsletter pages
  • Issue 2084 : Warn users if they are probably using out of date versions
  • Issue 2086 : Report request counts per plugin
  • Issue 2088 : Support an ‘update all’ button for installing all updated add-ons
  • Issue 2094 : Support a ‘-addoninstallall’ command line option
  • Issue 2102 : Allow ajax spider options to be set via the API

Bug fixes:

  • Issue 1070 : Breaking on custom URL with query parameters does not work.
  • Issue 1555 : SAXParseException while generating the report
  • Issue 1617 : ZAP 2.4.0 throws HeadlessExceptions when running in daemon mode on headless machine
  • Issue 1877 : fix path to .ZAP_JVM.properties in zap.sh
  • Issue 1893 : Regression: Can’t disable and enable specific scanners through the API
  • Issue 1910 : API does not return content in the expected encoding, on errors
  • Issue 1917 : Request and Response tabs dont scale the text
  • Issue 1939 : Scripts – Save Button Enablement Issue
  • Issue 1949 : Script with missing type prevents scripts and templates from being loaded
  • Issue 1950 : Connection closed without response, with an Authentication script with errors
  • Issue 1951 : Exception when trying to add users before loading an authentication script
  • Issue 1960 : Active Scan dialogue might use outdated scan policy
  • Issue 1969 : Issues with installation of scanners
  • Issue 1970 : Installed add-on dependencies might not be taken into account when installing add-ons
  • Issue 1973 : Returned HAR/list does not contain correct redirection messages
  • Issue 1981 : Spider might not report the correct number of URIs found
  • Issue 2005 : Active scanning incorrectly performed on sibling nodes
  • Issue 2044 : Issues in Hirschberg’s algorithm implementation
  • Issue 2045 : Dont copy old configs if -dir option used
  • Issue 2052 : Authentication changes done through the API not saved to session

 

Full Changelog: here

Tags: , , ,


About the Author

ToolsWatcher :)
@maxisoler



Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑