Options Active Scan screen
This screen allows you to configure the active scan options:
Number of hosts scanned concurrently
The maximum number of hosts that will be scanned at the same time.
Increasing this may put extra strain on the computer ZAP is running on.
Concurrent scanning threads per host
The number of threads the scanner will use per host.
Increasing the number of threads will speed up the scan but may put extra strain on the computer ZAP is running on and the target host.
Max results to list
The number of results that will be shown in the Active Scan tab.
Displaying a large number of results can significantly increase the time a scan takes.
Delay when scanning in milliseconds
The delay in milliseconds between each request.
Setting this to a non-zero value will increase the time an active scan takes, but will put less strain on the target host.
Handle anti CSRF tokens
If this option is selected then the active scanner will attempt to automatically request anti CSRF tokens when required.
Note that this is experimental functionality and will slow down the scanning process, as only one thread will be used to ensure that anti CSRF token requests don't get out of step.
Alert Threshold
This controls how likely ZAP is to report potential vulnerabilities.
If you select Low then more potential issues will be raised which may increase the number of false positives.
If you select High then fewer potential issues will be raised which may mean that some real issues are missed (false negatives).
Alert Strength
This controls the number of attacks that ZAP will perform.
If you select Low then fewer attacks will be used which will be quicker but may miss some issues.
If you select High then more attacks will be used which may find more issues but will take longer.
The Insane level should typically only be used for small parts of an application as it can result in a very large number of attacks being used, which can take a considerable length of time.
See also