# OWASP ZAP

PlexTrac supports importing XML files from **OWASP ZAP (Zed Attack Proxy)**, a web application penetration testing tool. ZAP can automatically detect security vulnerabilities in web applications during development and testing.


## Finding Field Mappings

Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.

| OWASP Field      | Direction | PlexTrac Field            |
| ---------------- | :-------: | ------------------------- |
| Plugin ID Name   |    --->   | Finding Title             |
| Description      |    --->   | Description               |
| Other Info       |    --->   | Custom Field "Other Info" |
| Solution         |    --->   | Recommendation            |
| References       |    --->   | References                |
| CWE ID           |    --->   | CWE ID                    |
| Risk Description |    --->   | Severity                  |

## Asset Field Mappings

Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.

| OWASP Field | Direction | PlexTrac Field |
| ----------- | :-------: | -------------- |
| Path        |    --->   | Asset Name     |
| Method      |    --->   | Asset Evidence |
| Parameter   |    --->   | Asset Evidence |
| Payload     |    --->   | Asset Evidence |
| URI         |    --->   | Hostname       |
| Port        |    --->   | Port           |
| Protocol    |    --->   | Protocol       |
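
To preview what an import carries over, the following Python example (added here, not PlexTrac's importer code) applies the two tables above to a constructed ZAP XML report and lists the alert elements that have no row in them. Element names follow ZAP's traditional XML report; which element each table label corresponds to, keeping only the risk part of `riskdesc`, and taking hostname and protocol from the instance URI are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# ZAP XML element -> PlexTrac field. Pairing table labels with elements is an assumption.
FINDING_MAP = {"name": "Finding Title", "desc": "Description", "otherinfo": "Other Info",
               "solution": "Recommendation", "reference": "References",
               "cweid": "CWE ID", "riskdesc": "Severity"}
# pluginid is assumed to fall under the "Plugin ID Name" row; instances hold the assets.
COVERED = set(FINDING_MAP) | {"pluginid", "instances"}

# Constructed sample in the layout of ZAP's traditional XML report (not real scan output).
SAMPLE = """<OWASPZAPReport>
 <site name="https://app.example.test" host="app.example.test" port="443" ssl="true">
  <alerts><alertitem>
   <pluginid>10020</pluginid><name>Missing Anti-clickjacking Header</name>
   <riskdesc>Medium (High)</riskdesc><confidence>3</confidence>
   <desc>Constructed description.</desc>
   <instances><instance>
    <uri>https://app.example.test/login?next=/home</uri>
    <method>GET</method><param>x-frame-options</param><attack></attack>
   </instance></instances>
   <solution>Constructed solution.</solution><otherinfo></otherinfo>
   <reference>https://example.test/ref</reference><cweid>1021</cweid><wascid>15</wascid>
  </alertitem></alerts>
 </site>
</OWASPZAPReport>"""

def map_report(xml_text):
    findings = []
    for site in ET.fromstring(xml_text).iter("site"):
        for item in site.iter("alertitem"):
            f = {dst: (item.findtext(src) or "").strip() for src, dst in FINDING_MAP.items()}
            # riskdesc reads "Risk (Confidence)"; keeping only the risk is an assumption.
            f["Severity"] = f["Severity"].split(" (")[0]
            f["assets"] = []
            for inst in item.iter("instance"):
                url = urlsplit(inst.findtext("uri") or "")
                f["assets"].append({
                    "Asset Name": url.path, "Hostname": url.hostname,
                    "Port": site.get("port"), "Protocol": url.scheme,
                    "Asset Evidence": {k: inst.findtext(k) or "" for k in ("method", "param", "attack")},
                })
            # Elements with no row in the tables: per the page, these are not imported.
            f["unlisted"] = sorted({child.tag for child in item} - COVERED)
            findings.append(f)
    return findings

if __name__ == "__main__":
    print(map_report(SAMPLE))
```

Anything reported under `unlisted` (here the confidence rating and WASC ID) needs to be kept from the original ZAP report if it matters for triage.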
