
OWASP ZAP - features

ZAP is designed to be easy for anybody to use, and its basic functionality requires no special knowledge or skills, although to analyse the results the user needs to know what they are looking for.

 

The header of the application window [1] contains the navigation, the most useful controls and the settings. The mode selector is also here; it lets the user determine how aggressive the test will be.

On startup, the main pane [2] shows the user a welcome message and the three buttons most useful to a beginner. Automated scan lets ZAP launch a default basic scan on a web service, Manual explore lets the user browse the website with additional feedback from ZAP, and Learn more is a library of tutorials.

The Sites pane [3] controls the scope of the test by managing targets, context and scripts during the test.

The results pane [4] at the bottom shows detailed results of the tests, separated into tabs. All data gathered during the test is displayed here, and there are also tabs with summaries, e.g. Alerts.

The status bar [5] at the bottom shows a brief summary of the current findings.

 

Detailed options, scripting functions and the API of every ZAP component are also available through a browser at localhost:8080 while ZAP is active.
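As an added example (not part of the original post and not ZAP's own code), the sketch below reads alerts through that local API and groups them by risk, much like the Alerts tab and status bar summaries. It assumes ZAP's JSON view `core/view/alerts` and the `X-ZAP-API-Key` header; `target.example` and the sample response are constructed placeholders so the summary logic runs without a live ZAP instance.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter, defaultdict

ZAP_BASE = "http://localhost:8080"  # address given on the page; ZAP must be running
RISK_ORDER = ["High", "Medium", "Low", "Informational"]

# Constructed sample shaped like a core/view/alerts response (not real scan output).
SAMPLE_RESPONSE = json.dumps({"alerts": [
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "http://target.example/search"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium",
     "url": "http://target.example/login"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium",
     "url": "http://target.example/"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low",
     "url": "http://target.example/login"},
]})

def alerts_url(base_url, start=0, count=100):
    """Build the alerts view URL for one in-scope site."""
    query = urllib.parse.urlencode({"baseurl": base_url, "start": start, "count": count})
    return f"{ZAP_BASE}/JSON/core/view/alerts/?{query}"

def fetch_alerts(base_url, api_key):
    """Live call to a running ZAP; api_key is the key set in ZAP's API options."""
    req = urllib.request.Request(alerts_url(base_url),
                                 headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def summarise(raw_json):
    """Return (alert count per risk, {risk: {alert name: sorted affected URLs}})."""
    counts = Counter()
    grouped = defaultdict(lambda: defaultdict(set))
    for alert in json.loads(raw_json).get("alerts", []):
        risk = alert.get("risk", "Informational")
        counts[risk] += 1
        grouped[risk][alert.get("alert", "unknown")].add(alert.get("url", ""))
    ordered = {r: {name: sorted(urls) for name, urls in grouped[r].items()}
               for r in RISK_ORDER if r in grouped}
    return dict(counts), ordered

if __name__ == "__main__":
    counts, grouped = summarise(SAMPLE_RESPONSE)
    for risk, names in grouped.items():
        print(f"{risk}: {counts[risk]} alert(s)")
        for name, urls in names.items():
            print(f"  {name} ({len(urls)} URL(s))")
```

To run it against a live scan, pass the output of `fetch_alerts(...)` to `summarise` in place of the constructed sample.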

 
