Interpreting ZAP SQL Injection Alerts
Alert confidence levels guide verification efforts. High-confidence alerts with clear error messages rarely produce false positives. Medium-confidence alerts based on timing or response differences require careful verification. Low-confidence alerts might indicate potential issues worth manual investigation. Understanding confidence levels helps prioritize verification efforts.
The evidence section in alerts provides crucial diagnostic information. Review the actual request sent, focusing on the injection payload used. Examine the response, looking for error messages or timing information that triggered detection. Compare against baseline requests to understand what changed. This analysis builds understanding of both the vulnerability and ZAP's detection logic.
Risk ratings consider both likelihood and impact. SQL injection typically receives "High" risk ratings due to potential for complete database compromise. However, context matters—SQL injection in a read-only search function poses less risk than in an administrative interface. Adjust risk ratings based on actual exploitability and data sensitivity when communicating findings.
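The triage described above (confidence level, what the evidence shows, and a context adjustment for where the injection point sits) as an added Python example; it is not part of this page or of ZAP itself. It assumes the field names `alert`, `risk`, `confidence`, `url`, `param`, `attack` and `evidence` as found in ZAP's JSON alert output, and the error-message and delay-payload patterns are illustrative heuristics, not ZAP's own detection logic.

```python
import re
from urllib.parse import urlparse

# Orderings ZAP uses for the risk and confidence strings in its alert records.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
CONFIDENCE_ORDER = {"Low": 1, "Medium": 2, "High": 3, "Confirmed": 4}

# What triggered detection: a database error in the response (evidence field)
# or a delay payload in the request (attack field); anything else is differential.
DB_ERROR_RE = re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE|unclosed quotation", re.I)
TIMING_RE = re.compile(r"sleep\(|waitfor\s+delay|pg_sleep|benchmark\(", re.I)

def classify_evidence(alert):
    """Return 'error-based', 'time-based' or 'differential' for one alert."""
    if DB_ERROR_RE.search(alert.get("evidence") or ""):
        return "error-based"
    if TIMING_RE.search(alert.get("attack") or ""):
        return "time-based"
    return "differential"

def triage(alerts, sensitive_prefixes=("/admin",)):
    """Rank SQL injection alerts for verification; highest score first."""
    rows = []
    for a in alerts:
        if not a.get("alert", "").startswith("SQL Injection"):
            continue
        kind = classify_evidence(a)
        confidence = CONFIDENCE_ORDER.get(a.get("confidence"), 0)
        score = RISK_ORDER.get(a.get("risk"), 0) * 10 + confidence
        # Context: a finding in an administrative interface outranks one in read-only search.
        if any(urlparse(a["url"]).path.startswith(p) for p in sensitive_prefixes):
            score += 5
        # A clear error message at high confidence is taken at face value; others need a manual check.
        needs_manual = kind != "error-based" or confidence < CONFIDENCE_ORDER["High"]
        rows.append({"url": a["url"], "param": a.get("param"), "kind": kind,
                     "score": score, "needs_manual_verification": needs_manual})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

# Constructed sample using a subset of ZAP's alert JSON fields, not real scan output.
SAMPLE_ALERTS = [
    {"alert": "SQL Injection - MySQL", "risk": "High", "confidence": "High",
     "url": "http://app.example/search?q=1", "param": "q", "attack": "1'",
     "evidence": "You have an error in your SQL syntax"},
    {"alert": "SQL Injection - MySQL (Time Based)", "risk": "High", "confidence": "Medium",
     "url": "http://app.example/admin/users?id=1", "param": "id", "attack": "1 / sleep(5) ",
     "evidence": ""},
    {"alert": "SQL Injection", "risk": "Medium", "confidence": "Low",
     "url": "http://app.example/search?q=1", "param": "q", "attack": "1 AND 1=1 -- ",
     "evidence": ""},
]
```

Running `triage(SAMPLE_ALERTS)` puts the medium-confidence timing alert on the admin path first because of the context bump, but still flags it for manual verification, while the high-confidence error-based alert on the search function is accepted as-is.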