OWASP ZAP Import
Import web application security scan results from OWASP Zed Attack Proxy (ZAP) into NEURO.
Supported Formats
- JSON Report - ZAP JSON export format
- XML Report - ZAP XML export format
How to Import
- Generate a report from ZAP (Report → Generate Report)
- Select JSON or XML format
- Navigate to Findings in NEURO
- Click Import → OWASP ZAP
- Upload your report file
- Review and filter findings
- Import selected findings
Mapped Fields
| ZAP Field | NEURO Field |
|---|---|
| alert | title |
| desc | description |
| risk | severity |
| solution | remediation |
| uri | affected_asset |
| cweid | cwe_ids |
| reference | references |
| evidence | evidence |
Severity Mapping
| ZAP Risk Level | NEURO Severity |
|---|---|
| High (3) | High |
| Medium (2) | Medium |
| Low (1) | Low |
| Informational (0) | Info |
Features
Confidence Levels
ZAP confidence levels are preserved:
- High - Confirmed vulnerability
- Medium - Likely vulnerability
- Low - Potential vulnerability
- False Positive - Marked for review
Alert Tags
ZAP alert tags (OWASP Top 10, etc.) are imported as finding tags in NEURO.
Evidence Extraction
Request/response evidence from ZAP alerts is preserved in the finding details.
Best Practices
- Use Active Scan - Active scans provide more detailed findings
- Configure Context - Set up authentication context for authenticated scans
- Review Confidence - Filter by confidence level before importing
- Check for Duplicates - ZAP may report the same issue on multiple URLs
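
The field and severity tables above, applied to a report before upload so that low-confidence alerts are dropped and the same alert on several URLs collapses into one finding. This is an added example, not NEURO's importer: it assumes ZAP's JSON report layout (`site[].alerts[]` with string-valued `riskcode` and `confidence` codes and per-URL `instances[]`), and `map_report` and `min_confidence` are hypothetical names.

```python
import json

# Tables from this page, keyed by ZAP's numeric codes (assumed report layout).
SEVERITY = {3: "High", 2: "Medium", 1: "Low", 0: "Info"}
CONFIDENCE = {3: "High", 2: "Medium", 1: "Low", 0: "False Positive"}

def map_report(report, min_confidence=2):
    """Return (findings, skipped); skipped counts alerts below min_confidence."""
    findings, skipped = {}, 0
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            conf = int(alert.get("confidence", 0))
            if conf < min_confidence:
                skipped += 1
                continue
            cwe = str(alert.get("cweid", ""))  # assumption: "", 0, -1 mean no CWE
            key = (alert["alert"], cwe)  # same issue on many URLs -> one finding
            finding = findings.setdefault(key, {
                "title": alert["alert"],
                "description": alert.get("desc", ""),
                "severity": SEVERITY[int(alert["riskcode"])],
                "remediation": alert.get("solution", ""),
                "cwe_ids": [] if cwe in ("", "0", "-1") else [cwe],
                "references": alert.get("reference", ""),
                "confidence": CONFIDENCE.get(conf, "Unknown"),
                "affected_asset": [], "evidence": [],
            })
            for inst in alert.get("instances", []):
                if inst["uri"] not in finding["affected_asset"]:
                    finding["affected_asset"].append(inst["uri"])
                if inst.get("evidence") and inst["evidence"] not in finding["evidence"]:
                    finding["evidence"].append(inst["evidence"])
    return list(findings.values()), skipped

# Constructed sample in the shape of a ZAP JSON report (not real scan output).
SAMPLE = {"site": [
    {"@name": "https://app.example.test", "alerts": [
        {"alert": "Absence of Anti-CSRF Tokens", "riskcode": "2", "confidence": "2",
         "cweid": "352", "solution": "Use a vetted anti-CSRF library.", "instances": [
             {"uri": "https://app.example.test/login", "evidence": "<form method=\"post\">"},
             {"uri": "https://app.example.test/profile", "evidence": "<form method=\"post\">"}]},
        {"alert": "Timestamp Disclosure - Unix", "riskcode": "1", "confidence": "1",
         "cweid": "200", "instances": [{"uri": "https://app.example.test/"}]}]},
    {"@name": "https://api.example.test", "alerts": [
        {"alert": "Absence of Anti-CSRF Tokens", "riskcode": "2", "confidence": "2",
         "cweid": "352", "instances": [{"uri": "https://api.example.test/form"}]}]}]}

if __name__ == "__main__":
    print(json.dumps(map_report(SAMPLE), indent=2))
```

For a real report, load the file with `json.load` and pass the result to `map_report`; the `skipped` count shows how many alerts the confidence filter removed.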