PedroCollado
23 days agoBronze II
Introduction to OWASP ZAP
I'm completely stuck with this one
I can see in the robots.txt that there's a disallow page as /checkout but it seems that this page doesn't exists.. What i'm missing? any hint?
So, your mistake is that you assume the "/checkout" page is the draft checkout page you are looking for but its not
In order to find the correct page, you are expected to perform a ZAP spider attack. Authentication configurations should be there because only then ZAP will be able to fully crawl the website. After that if you look at the resources ZAP finds carefully, the correct URL should be there
Regarding configuring the ZAP for this Briefing section should guide you