HelpStartConceptsModes

psiinon edited this page Jun 3, 2016 · 2 revisions

Modes

ZAP has a 'mode' which can be:

  • Safe - no potentially dangerous operations permitted
  • Protected - you can only perform (potentially) dangerous actions on URLs in the Scope
  • Standard - as in previous releases, you can do anything
  • ATTACK - new nodes that are in Scope are actively scanned as soon as they are discovered

It is recommended that you use the Protected mode to ensure that you only attack sites that you mean to.

The mode can be changed via the toolbar (or the ZAP API) and is persisted between sessions.
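Because the mode persists between sessions, an automated job can inherit Standard or ATTACK mode from an earlier run. The following pre-flight check is an added example, not part of the ZAP documentation: it reads the mode through the API, switches to Protected and confirms the change. It assumes the API listens on 127.0.0.1:8080, that the core API exposes a `mode` view and a `setMode` action, and that the API mode names are safe, protect, standard and attack; `api_url`, `http_fetch` and `ensure_mode` are names made up for this example.

```python
import json
import urllib.parse
import urllib.request

ZAP_BASE = "http://127.0.0.1:8080"   # assumption: local ZAP proxy/API address
MODES = ("safe", "protect", "standard", "attack")  # API names for the four modes


def api_url(kind, name, base=ZAP_BASE, **params):
    """Build a core API URL, e.g. <base>/JSON/core/view/mode/."""
    query = urllib.parse.urlencode(params)
    url = f"{base}/JSON/core/{kind}/{name}/"
    return f"{url}?{query}" if query else url


def http_fetch(url):
    """Default transport: GET the URL and decode the JSON reply."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def ensure_mode(wanted="protect", apikey="", fetch=http_fetch):
    """Put ZAP into `wanted` mode and confirm that it took effect.

    Returns the mode ZAP was in beforehand. Raises RuntimeError when ZAP
    still reports a different mode after the change was requested.
    """
    if wanted not in MODES:
        raise ValueError(f"unknown mode: {wanted!r}")
    auth = {"apikey": apikey} if apikey else {}
    before = fetch(api_url("view", "mode", **auth))["mode"]
    if before != wanted:
        fetch(api_url("action", "setMode", mode=wanted, **auth))
    # Re-read instead of trusting the action's reply.
    after = fetch(api_url("view", "mode", **auth))["mode"]
    if after != wanted:
        raise RuntimeError(f"ZAP is in {after!r} mode, expected {wanted!r}")
    return before


if __name__ == "__main__":
    # Run before any automated job that drives ZAP.
    print("previous mode:", ensure_mode("protect"))
```

Pass the API key as `apikey` if your ZAP instance requires one.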

Examples of actions that are not possible in Safe mode, or in Protected mode when the target URLs are not in the Scope:

  • Spidering
  • Active Scanning
  • Fuzzing
  • Force Browsing
  • Breaking (intercepting)
  • Resending requests

You can define the Scan Policy to be used for the Attack mode via the Options Active Scan screen.

See also

  • UI Overview for an overview of the user interface
  • Features provided by ZAP