The quickest way to get going with ZAP is to use the Quick Start add-on, which is installed by default.
This allows you to enter a URL which ZAP will first spider and then active scan.
For a more in depth test you should explore your application using your browser or automated regression tests while proxying through ZAP.
At its heart ZAP is a manipulator-in-the-middle proxy.
To get the most out of ZAP you need to configure your browser or functional tests to connect to the web application you wish to test through ZAP.
If required you can also configure ZAP to connect through another proxy - this is often necessary in a corporate environment.
You can quickly and easily launch browsers that are pre-configured to proxy through ZAP via the Quick Start tab.
This can launch any of the most common browsers that you have installed with new profiles.
If you would like to use any of your browsers with an existing profile, for example with other browser add-ons installed, then you will need to manually configure your browser to proxy via ZAP.
If you know how to set up proxies in your web browser then go ahead and give it a go!
If you are unsure then have a look at the Configuring proxies section.
Once you have configured ZAP as your browser’s proxy then try to connect to the web application
you will be testing.
If you can not connect to it then check your proxy settings again. You will need to check your browser’s proxy settings, and also ZAP’s proxy settings.
Its also worth checking that the application that you are trying to test is running!
When you have successfully connected to your application via your browser then have a look at ZAP
again. You should now see one or more lines in the Sites and
If so we’re in business. If not then you’ll need to check your proxy settings again.
The next thing to do is to start a basic penetration test.
|for details of how to set up ZAP as a proxy in your web browser
|the introduction to ZAP
|provided by ZAP
|supported by default
|ZAPCon 2022: ZAP for Everybody (44:05)