psiinon edited this page Jun 3, 2015 · 1 revision

Active Scan

Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets.

Active scanning is an attack on those targets. You should NOT use it on web applications that you do not own.

It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.

Active scanning is configured using the Options Active Scan screen. The rules that run are configured via Scan Policies - you can have as many of these as you like.

Accessed via

     Active Scan tab 'New Scan' button
     Sites tab 'Attack/Active Scan...' right click menu item
     History tab 'Attack/Active Scan...' right click menu item

See also

     UI Overview for an overview of the user interface
     Features provided by ZAP
     Passive scanning
     Scan Policy Manager Dialog which allows you to manage the scan policies
     Scanner Rules supported by default
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.