zap

Introduction When testing for issues such as user enumeration, the response time and size may not always be ideal indicators as the response length may be the same but the content may differ only slightly. To ensure this is not overlooked, the “Tag Creator” message processor in the Fuzzer (for OWASP ZAP) can be used to perform a grep match for text matching a given regular expression and then extract the application’s error text to help detect even subtle differences in the application response. [Read More]