<img alt="" src="https://secure.leadforensics.com/150446.png " style="display:none;">
Go to top icon


Kishore Bhamare Dec 22, 2016


OWASP ZAP is an open-source web security testing tool, used for detecting vulnerabilities in web applications.

ZAP provides you with configured automated scanners as well as a set of tools that allows you to detect vulnerabilities and threats manually. It is designed for people with a wide range of security expertise and is in a way ideal for developers and functional testers who are new to penetration testing and is also a useful to an experienced pen tester’s skillset.

This is a cross-platform tool written in Java, available in all of the operating systems including Microsoft Windows, Linux and Mac OS X.

OWASP ZAP 2.5.0 has four modes:

  • Safe mode – This mode doesn’t allow you to do anything that is potentially dangerous.
  • Protected mode – This mode allows you simulate potentially dangerous vulnerabilities. User can only perform harmful actions on URLs which are mentioned in the scope.
  • Standard mode – In this mode user can do anything that is relevant.
  • ATTACK mode - New nodes in scope are actively scanned as soon as they are discovered.

OWASP ZAP 2.5.0.png

It is strongly recommended that you use the ‘Protected mode’ to ensure that you only attack sites that you mean to.

The mode can be changed via the toolbar and is persisted between sessions.

Things that will not be possible in either ‘Safe mode’ or ‘Protected mode’ when not acting on URLs in the Scope:

  • Spider - crawling
  • Active Scanning
  • Fuzzing
  • Force Browsing
  • Breaking (intercepting)
  • Resending requests

We can define the scan policy to be used for the attack mode in the Options Active Scan screen.

OWASP ZAP 2.5.0-1.png

Reference: https://www.owasp.org

e-Zest is a leading digital innovation partner for enterprises and technology companies that utilizes emerging technologies for creating engaging customers experiences. Being a customer-focused and technology-driven company, it always helps clients in crafting holistic business value for their software development efforts. It offers software development and consulting services for cloud computing, enterprise mobility, big data and analytics, user experience and digital commerce.