The Quick Start tab provides you with an easy way to quickly test a web application.
The top screen shows 3 buttons that take you to the following screens.
The Automated Scan screen allows you to launch an automated scan against an application - just enter its URL below and press ‘Attack’.
Please be aware that you should only attack applications that you have been specifically been given permission to test.
This is the URL of the application you wish to attack, starting with ‘http://’ or ‘https://’.
ZAP must be able to access this URL for the attack to proceed.
The traditional spider explores the application by finding links in HTML pages. It is very fast but cannot handle applications which make heavy use of JavaScript.
The ajax spider explores the application by launching the browser you have chosen and clicking on the links it finds. It is slower than the traditional spider but handles JavaScript well.
This option is only shown if the ajax spider add-on is installed. If it is not available then you can download and install it for free from the ZAP Marketplace.
The options available are:
The Manual Explore screen allows you to launch the browser of your choice so that you can explore your application while proxying through ZAP. Select the browser you want from the pull-down and press the ‘Launch Browser’ button.
Browsers launched this way will be configured to proxy via ZAP and will ignore certificate errors, so you will not need to import the ZAP Root CA Certificate.
ZAP will remember the last browser you chose when you restart it.
A button will also be added to the toolbar which will launch the latest browser chosen. The icon will change to represent the relevant browser
Note that launched browsers will stop working if you change the address or port that ZAP is listening on.
If you do not have selenium add-on installed then you will see instructions for configuring your browser to proxy via ZAP manually.
This is the URL of the application you wish to explore, starting with ‘http://’ or ‘https://’.
ZAP must be able to access this URL.
The ZAP Heads Up Display (HUD) brings all of the essential ZAP functionality into your browser. It is ideal for people new to web security and also allows experienced penetration testers to focus on an application’s features while providing key security information and functionality.
This option is enabled if the HUD add-on is installed. If it is not available then you can download and install it for free from the ZAP Marketplace.
The Learn More screen provides links to local and online resources for you to learn more about ZAP.
Occasional news items will be displayed underneath the 3 buttons. Clicking on the red ‘x’ will hide the current news item.
Command Line | description of command line arguments | |
‘ZAPit’ | a quick ‘reconnaissance’ scan of the URL specified | |
Launch Options | the Quick Start Launch Options |