Hunting for web app vulnerabilities with Open Web Application Security Project (OWASP) ZAP

OWASP is a team of neutral volunteers dedicated to improving web application security. OWASP is one of the best online resources for learning about web application vulnerabilities, their mitigations, and related projects.

One of the most common entry points into a company's servers and databases is through its web applications. Because a web application exists to receive customer input and pass it back to the servers, it will also receive malicious input if it is not properly secured. OWASP ZAP can be used to test a targeted website aggressively for weak points, which it groups by the type of vulnerability, such as the following:

  • Cross-site scripting
  • Remote OS command injection
  • Directory browsing
  • X-Frame-Options header not set
  • Cookie set without HttpOnly flag
  • Password autocomplete in browser
  • Web browser XSS protection not enabled
  • X-Content-Type-Options header missing

Next to each category is a number representing how many occurrences of that type of vulnerability were found. You can find further details on the vulnerabilities involved by clicking the arrow next to the alert to expand that category. Each detected vulnerability is also labelled with a risk rating and a confidence level, so you can prioritise what to fix first and judge how likely the finding is to be a false positive.
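To make the alert categories above concrete, here is an added example (my own code, not part of the book and not code from the OWASP ZAP project) that reproduces a handful of ZAP's passive header and cookie checks over constructed HTTP responses and groups the results the way the ZAP alert tree does: one category per alert name, with the occurrence count, a risk rating and a confidence level. The alert names follow the list above; the risk and confidence values, the sample responses and the helper names are assumptions chosen for the example. It covers only header-level checks, so the active checks (cross-site scripting, OS command injection, directory browsing) and the password-autocomplete check, which needs the HTML body, are not modelled.

```python
# Added example: a minimal passive scanner in the spirit of ZAP's
# header/cookie alerts. Not the book's code and not ZAP's own code.
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Alert:
    name: str
    risk: str        # risk rating, as ZAP shows it: Low / Medium / High (assumed values)
    confidence: str  # how sure the check is: Low / Medium / High (assumed values)
    evidence: str    # the header or cookie that triggered the alert

def parse_head(raw: str) -> Dict[str, List[str]]:
    """Parse the head of a raw HTTP response into a lower-cased header map.
    Repeated headers (several Set-Cookie lines) are kept as a list."""
    headers: Dict[str, List[str]] = {}
    for line in raw.split("\r\n")[1:]:   # first line is the status line
        if line == "":
            break                        # blank line ends the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_response(raw: str) -> List[Alert]:
    """Run the header/cookie checks on one response and return the alerts raised."""
    h = parse_head(raw)
    alerts: List[Alert] = []
    ctype = h.get("content-type", [""])[0].lower()
    is_html = ctype.startswith("text/html")
    csp = " ".join(h.get("content-security-policy", [])).lower()

    # Clickjacking defence: HTML pages should carry X-Frame-Options
    # or a CSP frame-ancestors directive.
    if is_html and "x-frame-options" not in h and "frame-ancestors" not in csp:
        alerts.append(Alert("X-Frame-Options header not set", "Medium", "Medium",
                            "no X-Frame-Options / frame-ancestors"))

    # MIME sniffing: the header must be present and set to nosniff.
    xcto = h.get("x-content-type-options", [""])[0].lower()
    if xcto != "nosniff":
        alerts.append(Alert("X-Content-Type-Options header missing", "Low", "Medium",
                            f"X-Content-Type-Options: {xcto or '<absent>'}"))

    # Legacy XSS filter header: flagged when absent or disabled ("0").
    # Modern browsers ignore it; a Content-Security-Policy is the real mitigation.
    xxp = h.get("x-xss-protection", [""])[0].lower()
    if is_html and not xxp.startswith("1"):
        alerts.append(Alert("Web browser XSS protection not enabled", "Low", "Medium",
                            f"X-XSS-Protection: {xxp or '<absent>'}"))

    # Cookies readable from script: every Set-Cookie should carry HttpOnly.
    for cookie in h.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            alerts.append(Alert("Cookie set without HttpOnly flag", "Low", "Medium",
                                cookie.split(";")[0]))
    return alerts

def scan(responses: List[str]) -> Dict[str, List[Alert]]:
    """Group alerts from many responses by alert name, as the ZAP alert tree does;
    len(result[name]) is the occurrence count shown next to each category."""
    grouped: Dict[str, List[Alert]] = {}
    for raw in responses:
        for a in check_response(raw):
            grouped.setdefault(a.name, []).append(a)
    return grouped

# Constructed sample responses (not captured from any real site).
WEAK = ("HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "Set-Cookie: session=abc123; Path=/\r\n"
        "Set-Cookie: prefs=dark; Path=/; HttpOnly\r\n"
        "\r\n"
        "<html><body>hello</body></html>")

HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "X-Frame-Options: DENY\r\n"
            "X-Content-Type-Options: nosniff\r\n"
            "X-XSS-Protection: 1; mode=block\r\n"
            "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
            "\r\n"
            "<html><body>hello</body></html>")

if __name__ == "__main__":
    for name, hits in scan([WEAK, HARDENED]).items():
        print(f"{name} ({len(hits)})")
        for a in hits:
            print(f"  [{a.risk} risk, {a.confidence} confidence] {a.evidence}")
```

Run against the two constructed responses, the weak one raises all four categories (one occurrence each, the session cookie being the one without HttpOnly) and the hardened one raises none, which is the before/after contrast you want to see when re-testing a site after fixing its headers.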
