Activity #1658
open
Master Training Track Day 5 (ZAP)
Start date: 03/20/2026
Due date:
% Done: 100%
Estimated time: 3:00 h
End Date: 03/20/2026
Description
Pulled and ran ZAP in daemon mode (headless) on port 8080
Spidered Flask app — discovered 3 URLs
Ran active scan — completed 100%
Found 4 Low severity alerts: missing security headers + server version leak
No SQL injection, XSS or auth issues found
Fixed X-Content-Type-Options header in main.py
Hidden Werkzeug version from Server header
Rescanned — alerts reduced from 4 to 3
Generated HTML reports saved to ~/devsecops/zap/reports/
Created ZAP GitHub Actions workflow for CI pipeline
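The two header fixes in the log above, sketched as a WSGI middleware with an in-process check. This is an added example, not the contents of main.py from this activity. The replacement Server value, the demo app and its placeholder version string are assumptions constructed for illustration.

```python
# Added example: WSGI middleware for the two header fixes, plus a self-check.
# Assumptions: FORCED values and demo_app are illustrative, not from main.py.
from wsgiref.util import setup_testing_defaults

FORCED = {"X-Content-Type-Options": "nosniff", "Server": "webserver"}


class SecurityHeaders:
    """Wrap a WSGI app: force nosniff and replace any Server header."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop any existing copies (case-insensitive), then append ours.
            names = {n.lower() for n in FORCED}
            kept = [(k, v) for k, v in headers if k.lower() not in names]
            return start_response(status, kept + list(FORCED.items()), exc_info)
        return self.app(environ, patched_start)


def fetch_headers(app, path="/"):
    """Call a WSGI app in-process; return response headers, names lowercased."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining required keys
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})
        return lambda data: None

    for _ in app(environ, start_response):
        pass  # drain the body so the app finishes its response
    return captured


def audit(headers):
    """Return findings for the two issues this activity fixed."""
    findings = []
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options missing or not nosniff")
    if any(ch.isdigit() for ch in headers.get("server", "")):
        findings.append("Server header discloses a version")
    return findings


def demo_app(environ, start_response):
    # Constructed stand-in for the scanned app, with a placeholder version leak.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Server", "Werkzeug/0.0.0 Python/0.0")])
    return [b"<h1>ok</h1>"]
```

In a Flask app the wrapper is attached with `app.wsgi_app = SecurityHeaders(app.wsgi_app)`. `audit(fetch_headers(app))` can then run as a unit test in CI, so a regression shows up before the next ZAP scan.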