HelpUiDialogsAddalert
This dialog allows you to manually add or change an Alert associated with a specific request.
The dialog has the following fields:
The type of the alert is a pull down field which allows you to select one of a prepopulated set of issue types. You can also enter your own text or change the text of one of the items you selected. If you select one of the existing types then the Description, Solution and Other Info fields will be populated with text associated with the item you chose.
A pull down field which allows you to specify how serious you think the risk is:
- Informational
- Low
- Medium
- High
A pull down field which allows you to specify how confident you are in the validity of the finding:
- False Positive: for potential issues that you later find are not exploitable
- Low: for unconfirmed issues
- Medium: for issues you are somewhat confident of
- High: for findings you are highly confident in
- Confirmed: for confirmed issues
A pull down field which allows you to specify which parameter the issue is associated with.
The field is prepopulated with any URL and FORM parameters found, but you can also enter your own parameter name.
Array parameters (in the URL query component and in an `x-www-form-urlencoded` request body) are identified by their index. For example, for a request containing `choices[]=ChoiceA&choices[]=ChoiceB` the first parameter would be identified as `choices[0]` and the second as `choices[1]`.
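The array-parameter naming described above, as an added example that is not ZAP's own code: it lists the identifiers you would enter in the parameter field for a given request. It assumes a separate counter per parameter name, separate numbering for URL and FORM parameters, and percent-decoded names; the function names and the sample request are hypothetical.

```python
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit


def indexed_names(encoded: str) -> list[tuple[str, str]]:
    """Return (identifier, value) pairs for a query string or an
    x-www-form-urlencoded body, numbering `name[]` parameters."""
    counters = defaultdict(int)  # one counter per array name (assumption)
    result = []
    for pair in encoded.split("&"):
        if not pair:
            continue  # tolerate "a=1&&b=2" and a trailing "&"
        raw_name, _, raw_value = pair.partition("=")
        # Names are decoded first, so "tags%5B%5D" is treated as "tags[]" (assumption).
        name, value = unquote_plus(raw_name), unquote_plus(raw_value)
        if name.endswith("[]"):
            base = name[:-2]
            name = f"{base}[{counters[base]}]"
            counters[base] += 1
        result.append((name, value))
    return result


def request_parameters(url: str, body: str = "") -> dict[str, list[tuple[str, str]]]:
    """Identifiers for the URL query and the form body of one request."""
    # URL and FORM parameters are numbered independently here (assumption).
    return {"url": indexed_names(urlsplit(url).query), "form": indexed_names(body)}


# Constructed sample request built around the choices[] example above.
SAMPLE_URL = "https://example.test/vote?choices[]=ChoiceA&choices[]=ChoiceB&lang=en"
SAMPLE_BODY = "tags%5B%5D=x&id=7&tags%5B%5D=y+z"

if __name__ == "__main__":
    for kind, params in request_parameters(SAMPLE_URL, SAMPLE_BODY).items():
        for name, value in params:
            print(f"{kind:4} {name} = {value}")
```
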
A general description of the type of issue found. This is populated when you select one of the predefined types, but you can also change it as required. Note that any changes you make will be lost if you select another type.
Information specific to the particular issue you have found. This is not prepopulated.
Recommendations about how to fix the issue. This is populated when you select one of the predefined types, but you can also change it as required. Note that any changes you make will be lost if you select another type.
One or more URLs pointing to more information on the internet about the selected type of alert. This is populated when you select one of the predefined types, but you can also change it as required. Note that any changes you make will be lost if you select another type.
- History tab: 'New Alert...' right click menu item
- Alerts tab: double clicking on an existing alert

- UI Overview: for an overview of the user interface
- Dialogs: for details of the dialogs or popups