HelpStartConceptsPscan

psiinon edited this page Mar 29, 2017 · 2 revisions

Passive Scan

ZAP by default passively scans all HTTP messages (requests and responses) sent to the web application being tested. Passive scanning does not change the requests nor the responses in any way and is therefore safe to use. Scanning is performed in a background thread to ensure that it does not slow down the exploration of an application.

The (main) behaviour of the passive scanner can be configured using the Options Passive Scanner Screen.

Passive scanning can also be used for automatically adding tags and raising alerts for potential issues. A set of rules for automatic tagging are provided by default. These can be changed, deleted or added to via the Options Passive Scan Tags screen.

The alerts raised by passive scanners can be configured using the Options Passive Scan Rules screen.

See also

     UI Overview for an overview of the user interface
     Features provided by ZAP
     Active scanning
     Scanner Rules supported by default
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.