At its heart ZAP in an intercepting proxy.
You need to configure your browser to connect to the web application you wish to test through ZAP.
If required you can also configure ZAP to connect through another proxy - this is often
necessary in a corporate environment.
If you know how to set up proxies in your web browser then go ahead and give it a go!
If you are unsure then have a look at the Configuring proxies
section.
When you have successfully connected to your application via your browser then have a look at ZAP
again. You should now see one or more lines in the Sites and
History tabs.
If so we're in business. If not then you'll need to check your proxy settings again.
The next thing to do is to start a
basic penetration test.
Configuring Proxies | for details of how to set up ZAP as a proxy in your web browser | |
Introduction | the introduction to ZAP | |
Features | provided by ZAP | |
Scanner Rules | supported by default |