Access Control Status Tab

Mon, 01 Jan 0001 00:00:00 +0000

Access Control Status Tab

The Access Control Status Tab allows starting of new Access Control testing and displays the results obtained. For each User and for each URL attacked by ZAP, an entry is added with information about:

ZAP’s id of the message sent
the HTTP method used
the URL of the resource
the HTTP status code of the response
the User from whose point the resource was accessed
whether the request was identified as being authorized or not
the access rule used, which was either directly defined or inferred based on parent’s defined rules
the result obtained: successful (green check) if the access rule was followed of failed (red cross) otherwise


	Access Control Testing concepts	for a short introduction to Access Control Testing
	Access Control Context options	to learn about the related context options

Access Control Context Options

Mon, 01 Jan 0001 00:00:00 +0000

Access Control Context Options

The Access Control Context options are present as a panel for each Context when opening the Session Properties dialog. This panel allows ZAP users to define the Access Rules for each User of each Context.

As mentioned on the concepts page, ZAP is making use of the tree-based structure of URLs. So, when configuring the access rules, only 1 rule needs to be set explicitly for an entire subtree, while for the other nodes rules are inferred. Three possible values can be set for any node in Context for each User:

Access Control Testing on ZAP

Access Control Status Tab

Access Control Status Tab

See also

Access Control Context Options

Access Control Context Options