owaspzap

zap2docker stable is using which year's OWASP top 10?


I am using zap2docker version 2.10.0 for ZAP tests. I have already checked all the files under this image, but nowhere is it mentioned which OWASP year's Top 10 vulnerabilities it uses.

As the OWASP Top 10 has been released for the year 2023, I need to update the zap2docker version as well. But I am not sure, as I am not able to check whether the latest version is using the 2023 list or not.

Could anyone please help on how to check the above?


Solution

  • ZAP checks for a large range of vulnerabilities and so does not just focus on any specific "Top 10". ZAP 2.10.0 is no longer the latest version and will therefore not be getting updated to the latest rules; we recommend you update ASAP.
    FYI the ZAP scan rules are listed on https://www.zaproxy.org/docs/alerts/ They are also tagged (https://www.zaproxy.org/alerttags/) so you can see which ones apply to the OWASP Top 10 2021 and 2017.
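One way to turn the tagging the answer points to into a check you can run against your own scan output, as an added example that is not part of the original post or of the ZAP project's code: the alert tags (for example `OWASP_2021_A03`, `OWASP_2017_A07`, `CWE-79`) travel with each alert, so a report can be grouped by Top 10 edition. The script assumes the traditional JSON report layout (`site` -> `alerts` -> `tags[].tag`) that recent ZAP versions write with e.g. `zap-baseline.py -J report.json`; the embedded report is constructed for illustration, not real scan output.

```python
"""Summarise a ZAP JSON report by OWASP Top 10 edition using the rules' alert tags.

Added example, not code from the original post or from the ZAP project. Assumes
the traditional JSON report layout (site -> alerts -> tags[].tag).
"""
import json
import re
from collections import defaultdict

# Constructed sample shaped like a ZAP traditional JSON report. Alert names,
# plugin ids and tag links are illustrative only, not output of a real scan.
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "http://example.test",
        "alerts": [
            {"pluginid": "10020", "name": "Missing Anti-clickjacking Header", "riskcode": "2",
             "tags": [
                 {"tag": "OWASP_2021_A05", "link": "https://example.test/tag-docs/owasp-2021-a05"},
                 {"tag": "OWASP_2017_A06", "link": "https://example.test/tag-docs/owasp-2017-a06"},
                 {"tag": "WSTG-v42-CLNT-09", "link": "https://example.test/tag-docs/wstg-clnt-09"},
             ]},
            {"pluginid": "40012", "name": "Cross Site Scripting (Reflected)", "riskcode": "3",
             "tags": [
                 {"tag": "OWASP_2021_A03", "link": "https://example.test/tag-docs/owasp-2021-a03"},
                 {"tag": "OWASP_2017_A07", "link": "https://example.test/tag-docs/owasp-2017-a07"},
                 {"tag": "CWE-79", "link": "https://example.test/tag-docs/cwe-79"},
             ]},
            {"pluginid": "10096", "name": "Timestamp Disclosure", "riskcode": "0",
             "tags": []},
        ],
    }],
})

# OWASP Top 10 tags look like OWASP_<year>_A<nn>; other tags (CWE-, WSTG-) are ignored.
OWASP_TAG = re.compile(r"^OWASP_(?P<year>\d{4})_A(?P<cat>\d{1,2})$")


def load_report(text):
    """Parse report JSON and return a flat list of alert dicts across all sites."""
    data = json.loads(text)
    return [alert for site in data.get("site", []) for alert in site.get("alerts", [])]


def owasp_tags(alert):
    """Yield (year, 'Ann') pairs for every OWASP Top 10 tag on one alert."""
    for entry in alert.get("tags", []):
        match = OWASP_TAG.match(entry.get("tag", ""))
        if match:
            # Normalise A3 / A03 to the zero-padded form used in the 2021 list.
            yield int(match.group("year")), f"A{int(match.group('cat')):02d}"


def tagged_years(alerts):
    """Which OWASP Top 10 editions do the rules behind these alerts map to at all?"""
    return {year for alert in alerts for year, _ in owasp_tags(alert)}


def summarize_by_owasp(alerts, year):
    """Map Top 10 categories of `year` to alert names, plus alerts with no tag for that year.

    An empty category map for a given year means the ZAP version that produced
    the report carries no tags for that edition of the Top 10.
    """
    by_cat = defaultdict(set)
    untagged = []
    for alert in alerts:
        cats = {cat for y, cat in owasp_tags(alert) if y == year}
        if not cats:
            untagged.append(alert["name"])
            continue
        for cat in cats:
            by_cat[cat].add(alert["name"])
    return {cat: sorted(names) for cat, names in sorted(by_cat.items())}, untagged


if __name__ == "__main__":
    alerts = load_report(SAMPLE_REPORT)
    print("OWASP Top 10 editions referenced by tags:", sorted(tagged_years(alerts)))
    for edition in (2017, 2021, 2023):
        cats, untagged = summarize_by_owasp(alerts, edition)
        print(f"{edition}: {cats}; alerts with no {edition} tag: {untagged}")
```

Run it against a real report with `load_report(open("report.json").read())`. If `tagged_years` returns only `{2017, 2021}`, that is the answer to the original question for that image: the rules carry tags for those two editions and nothing else, and alerts with an empty tag list are rules that have not been tagged at all rather than rules outside the Top 10.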