Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata

Session Properties

  1. Context Name
     
    • Provide a unique name for the context.

      Info: Append the Build Variable BUILD_ID to the Context Name to ensure a unique name. e.g.  

      My Context ${BUILD_ID}

      Info: Accepts System Environment Variables, Build Variables as well as Environment Inject Plugin Variables(cannot be used during pre-build).

      Warning: The context should not exist in the loaded session.

  2. Include in Context
     
    • List of URLs which will be included in the Context unless also excluded.

      Info: Each line is a URL Regex and should be in the form of:
       
      e.g. http://localhost:8180/bodgeit.*
      e.g. \Qhttp://localhost:8180/bodgeit\E.*
      e.g. http://localhost:8180/bodgeit/logout.php
      e.g. \Qhttp://localhost:8180/bodgeit/logout.php\E

      Info: Accepts System Environment Variables, Build Variables as well as Environment Inject Plugin Variables(cannot be used during pre-build).

  3. Exclude from Context
     
    • List of URLs which will be excluded from the Context.

      Info: Each line is a URL Regex and should be in the form of:
       
      e.g. http://localhost:8180/bodgeit.*
      e.g. \Qhttp://localhost:8180/bodgeit\E.*
      e.g. http://localhost:8180/bodgeit/logout.php
      e.g. \Qhttp://localhost:8180/bodgeit/logout.php\E

      Info: Accepts System Environment Variables, Build Variables as well as Environment Inject Plugin Variables(cannot be used during pre-build).

  4. Alert Filters – Placeholder for New Feature Addition. (Go to step 5. for now)

     

  5. Authentication – ZAP will perform the Attacks (Spider and/or Active Scan) as an authenticated user.
     
    • Form-Based(info) Documentation, how to setup the context to use Form-Based Authentication can be found here.
       
    • Script-Based(info) Documentation, how to setup the context to use Script-Based Authentication can be found here.
  • No labels