Rick M

icon indicating a website link https://www.zaproxy.org/authors/thorin/

icon location Ontario, Canada icon location IT Sec guy, @zaproxy co-lead, @OWASP WSTG co-lead, @OWASP VWAD co-lead, Hac≺3r, supporter of oxford commas, #INTJ.

Results 1096 comments of Rick M

Adding Attack vector for finding vulnerabilities related to JWE

This seems like a good summary: > A signed JWT is known as a JWS (JSON Web Signature). In fact a JWT does not exist itself — either it has...

Getting High Alert ("SQL injection may be possible"), whie we are not using sql in the application.

Any further details post upgrade?

Forced Browsing should (allow to) display all the activity

Yes we know it's an old issue. Pointing that out isn't helpful to all the volunteers. https://twitter.com/kingthorin_rm/status/1450515593782779905

GraalVM JavaScript engine not loading with Java 22

It doesn't limit OAST functionality. It means you can't use JS scripts, a few of which OAST is packaged with but they're bonuses not requirements. I'd suggest starting ZAP with...

GraalVM JavaScript engine not loading with Java 22

Might also be a Java 22 issue, not sure we're compatible yet.

Juice Shop - add missing memories link WIP

> though that also includes authenticated finds. We should probably differentiate or clarify on the scan page :grinning: