09-07-2024, 08:47 AM
Anyone offer any advise please?
I should add I have now downloaded ZAP to test and struggling with it a bit. I created a fresh basic IW app and did an initial scan and it comes back clean, but a second scan shows the XSS java attack. Playing around with cookie options in various configurations does seem to alter the results but inconsistently and I am confused. Is there a better tool to use that works on SA and localhost?
I have tried latest build out of the box and not had any XSS reported but as I said above, my ZAP results seem inconsistent so not entirely sure if the latest build has fixed this or not. has there been any changes from 15.2.23 that may have fixed it? I looked and never noticed anything but I may have missed it.
Ultimately will move to latest build soon anyway. Can I just simply upgrade IW then rebuild or do I need to do anything else such as opening up and resaving forms etc?
Cheers.
I should add I have now downloaded ZAP to test and struggling with it a bit. I created a fresh basic IW app and did an initial scan and it comes back clean, but a second scan shows the XSS java attack. Playing around with cookie options in various configurations does seem to alter the results but inconsistently and I am confused. Is there a better tool to use that works on SA and localhost?
I have tried latest build out of the box and not had any XSS reported but as I said above, my ZAP results seem inconsistent so not entirely sure if the latest build has fixed this or not. has there been any changes from 15.2.23 that may have fixed it? I looked and never noticed anything but I may have missed it.
Ultimately will move to latest build soon anyway. Can I just simply upgrade IW then rebuild or do I need to do anything else such as opening up and resaving forms etc?
Cheers.