Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets.
Active scanning is an attack on those targets.
You should NOT use it on web applications that you do not own.
To make ZAP traffic easy to identify (for example when defining Web Application Firewall exceptions), ZAP is accompanied by a script, “AddZapHeader.js”, which can be used to add a specific header to all traffic that passes through or originates from ZAP, e.g. X-ZAP-Initiator: 3
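The following is an added example, not ZAP's own AddZapHeader.js. Part 1 shows the shape of an HttpSender script that stamps the header; it assumes ZAP's script entry point sendingRequest(msg, initiator, helper) and the msg.getRequestHeader().setHeader(name, value) call, and uses a small mock message so the file runs outside ZAP. Part 2 is defender-side code (a WAF or log filter) that recognises the header and only grants an exception when the request also comes from an allowlisted scanner address, since the header on its own is trivially spoofable. The header name and the value 3 come from the page; the host names and addresses are constructed.

```javascript
// Added example, not ZAP's own AddZapHeader.js. Part 1 assumes ZAP's HttpSender
// script entry point sendingRequest(msg, initiator, helper) and the
// msg.getRequestHeader().setHeader(name, value) call; the header name and the
// example value 3 come from the page. Part 2 is defender-side code and assumes
// nothing about ZAP.

const ZAP_HEADER = "X-ZAP-Initiator";

// ---- Part 1: scanner side ---------------------------------------------------
// Stamp every outgoing request with the initiator id ZAP passes to the script,
// so the receiving side can tell the different ZAP components' traffic apart.
function sendingRequest(msg, initiator, helper) {
  msg.getRequestHeader().setHeader(ZAP_HEADER, String(initiator));
}

// Minimal stand-in for ZAP's HttpMessage so this file runs outside ZAP.
function mockMessage(method, target, host) {
  const headers = new Map([["Host", host]]);
  const requestHeader = {
    setHeader: (name, value) => headers.set(name, value),
    getHeader: (name) => (headers.has(name) ? headers.get(name) : null),
    // Render the request head as it would appear on the wire.
    toRaw: () =>
      [`${method} ${target} HTTP/1.1`]
        .concat([...headers].map(([n, v]) => `${n}: ${v}`))
        .concat(["", ""])
        .join("\r\n"),
  };
  return { getRequestHeader: () => requestHeader };
}

// ---- Part 2: defender side --------------------------------------------------
// Parse a raw HTTP/1.1 request head into method, target, version and a
// lower-cased header map (duplicate fields are joined with ", ").
function parseRequestHead(raw) {
  const lines = raw.split(/\r?\n/);
  const [method, target, version] = lines[0].split(" ");
  const headers = {};
  for (const line of lines.slice(1)) {
    if (line === "") break;            // blank line ends the head
    const colon = line.indexOf(":");
    if (colon < 0) continue;           // tolerate a malformed field line
    const name = line.slice(0, colon).trim().toLowerCase();
    const value = line.slice(colon + 1).trim();
    headers[name] = name in headers ? `${headers[name]}, ${value}` : value;
  }
  return { method, target, version, headers };
}

// Decide how a WAF or log filter should treat a request. The header alone is
// trivially spoofable, so an exception is granted only when the tag is present
// AND the client address is in the allowlist of authorised scanner hosts.
function classifyRequest(raw, clientIp, scannerIps) {
  const req = parseRequestHead(raw);
  const tag = req.headers[ZAP_HEADER.toLowerCase()];
  const initiator = tag === undefined ? NaN : Number.parseInt(tag, 10);
  const tagged = Number.isInteger(initiator);
  return {
    zap: tagged,
    initiator: tagged ? initiator : null,
    exempt: tagged && scannerIps.has(clientIp),
    // Tag present but from an unexpected source: worth an alert, not an exemption.
    suspicious: tagged && !scannerIps.has(clientIp),
  };
}

// Demo: a request stamped by the script, seen from the scanner host and from
// an unrelated address (addresses are constructed, not real infrastructure).
const scannerHosts = new Set(["10.0.0.5"]);
const msg = mockMessage("GET", "/login", "app.example.test");
sendingRequest(msg, 3, null);
console.log(classifyRequest(msg.getRequestHeader().toRaw(), "10.0.0.5", scannerHosts));
console.log(classifyRequest(msg.getRequestHeader().toRaw(), "198.51.100.7", scannerHosts));
```

The split into "exempt" and "suspicious" is deliberate: a tagged request from an address that is not an authorised scanner should raise an alert in the WAF or SIEM rather than silently receive the relaxed handling intended for your own ZAP instance.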
It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.
Active scanning is configured using the Options Active Scan screen.
The rules that run are configured via Scan Policies - you can have as many of these as you like.
Active Scan tab | ‘New Scan’ button
Sites tab | ‘Attack/Active Scan…’ right click menu item
History tab | ‘Attack/Active Scan…’ right click menu item

UI Overview | for an overview of the user interface
Features | provided by ZAP
Passive scanning
Scan Policy Manager Dialog | which allows you to manage the scan policies
Scanner Rules | supported by default

ZAP In Ten: Active Scanning (9:47)
ZAP In Ten: Active Scan Scripts (11:37)
Deep Dive: Active Scanning (31:26)