Blog
Videos
Documentation
Community
Download
Add-ons
Access Control Testing
Access Control Context Options
Access Control Status Tab
Active Scan Rules
Active Scan Rules - Alpha
Active Scan Rules - Beta
Advanced SQLInjection Add-on
AJAX Spider
Ajax Spider Automation Framework Support
AJAX Spider Context
Options AJAX Spider screen
AJAX Spider dialog
AJAX Spider tab
Alert Filters
Alert Filter Dialog
Alert Filter Automation Framework Support
Context Alert Filters
Options Global Alert Filters
All In One Notes
All In One Notes - About
AMF Support
Authentication Helper
Authentication Report - JSON
Authentication Request Identification
Authentication Tester Dialog
Auto-Detect Authentication
Auto-Detect Session Management
Browser Based Authentication
Client Script Authentication
Report Templates
Header Based Session Management
Session Management Identification
Verification Request Identification
Authentication Statistics
Automation Framework
Automation Framework - About
Automation Framework - authentication
Automation Framework - Environment
Automation Framework - GUI
Automation Framework - addOns Job
Automation Framework - activeScan Job
Automation Framework - activeScan-config Job
Automation Framework - activeScan-policy Job
Automation Framework - delay Job
Automation Framework - exitStatus Job
Automation Framework - passiveScan-config Job
Automation Framework - passiveScan-wait Job
Automation Framework - requestor Job
Automation Framework - spider Job
Automation Framework - Options
Automation Framework - Alert Job Test
Automation Framework - Monitor Job Test
Automation Framework - Statistics Job Test
Automation Framework - URL Presence Job Tests
Automation Framework - Job Tests
Bean Shell Console
BIRT Reports
Browser View
Bug Tracker
Call Graph
Call Home
Client Side Integration
Client Side Integration - AJAX Spider Enhancement
Client Side Integration - Automation Framework Support
Client Side Integration - Firefox Profile
Client Side Integration - Internals
Client Side Integration - Passive Scan Rules
Client Side Integration - Client Spider
Code Dx
Collection: Pentester Pack
Collection: Scan Rules Pack
Common Library
Tabbed Output Panel
Community Scripts
Custom Payloads
Custom Payloads API
Options Custom Payloads screen
Custom Report
Database Add-on
Dev Add-On
Diff
Directory List v1.0
Directory List v2.3
Directory List v2.3 LC
DOM XSS Active Scan Rule
DOM XSS Active Scan Rule - About
Encode / Decode / Hash dialog
Options Encode/Decode screen
Eval Villain
Export Report
Forced Browse
Options Forced Browse screen
Forced Browse tab
Form Handler
Fuzz AI Files
FuzzDB Files
FuzzDB Offensive
FuzzDB Web Backdoors
Fuzzing
Fuzzer dialog
HTTP Message Processors
Fuzz Location Processors dialog
Options Fuzz screen
Payloads dialog
Payload Processors dialog
Fuzzer tab
Getting Started Guide
GraalVM JavaScript
GraphQL Support
GraphQL Alerts
GraphQL Automation Framework Support
GraphQL Options
GraphQL Support Script
GraphQL Variant
Groovy Support
Groovy Support - About
gRPC Support
gRPC Variant
gRPC WebSocket
Highlighter
HTTPS Info
The HUD
Options HUD screen
Import/Export
Automation Framework Support
Sites Tree File Format
Import URLs
Invoke Applications
Options Applications screen
JSON View
Kotlin Support
Linux WebDrivers
Log File Importer
MacOS WebDrivers
Neonmarker
Network Add-on
Network API
Command Line
Options
Client Certificates
Connection
Global Exclusions
Local Servers/Proxies
Rate Limit
Server Certificates
Out-of-band Application Security Testing Support
OAST API
OAST Options
OAST Services
BOAST
BOAST Options
Callbacks
Callback Options
Interactsh
Interactsh Options
OAST Tab
Online Menu
OpenAPI Support
OpenAPI Automation Framework Support
Parameter Digger
Parameter Digger - About
Param Digger dialog
Param Digger tab
Passive Scan Rules
Passive Scan Rules - Alpha
Passive Scan Rules - Beta
Passive Scanner Add-on
Passive Scanner API
Passive Scanner Automation Framework Support
Passive Scanner Automation Framework - passiveScan-config Job
Passive Scanner Automation Framework - passiveScan-wait Job
Options
Passive Scan Rules
Passive Scanner
Passive Scan Tags
Plug-n-Hack
Plug-n-Hack Clients tab
Port Scan
Options Port Scan screen
Port Scan tab
Postman Support
Postman Automation Framework Support
Python Scripting
Options Jython screen
Quick Start
Command Line
Options Quick Start Launch screen
ZAPit
Regular Expression Tester
Replacer
Replacer Automation Framework Support
Report Alert Generator
Report Generation
Report Generation - About
Report Generation API
Report Generation Automation Framework Support
Creating Reports
High Level Report Sample
Modern HTML Report with themes and options
Risk and Confidence HTML
SARIF JSON Report
Traditional HTML with Requests and Responses
Traditional HTML
Traditional JSON Report with Requests and Responses
Traditional JSON Report
Traditional Markdown Report
Traditional PDF
Traditional XML Report with Requests and Responses
Traditional XML Report
Report Templates
Requester Add-on
Manual Request Editor dialog
Requester Options
Requester Tab
Retest
Retest - About
Retire.js
Reveal
Revisit
Ruby Scripting
SAML Support
Save Raw Message
Save XML Message
Scan Policies
API Policy
Default Policy
Developer CI/CD Policy
Developer Full Policy
Developer Standard Policy
QA Full Policy
QA Standard Policy
Script Console
Scripts Automation Framework Support
Script Console Tab
Script Console Options
Script Scan Rules
Scripts tree tab
Selenium
Selenium API
Options Selenium screen
Sequence Scanner
Automation Framework Support
Sequence Policy
Server-Sent Events
Server-Sent Events tab
SOAP Support
SOAP Alerts
SOAP Automation Framework Support
Spider
Spider Automation Framework Support
Spider dialog
Options Spider screen
Spider tab
SVN Digger Files
Technology Detection
Technology Detection API
Options Tech Detection screen
Tips and Tricks
TLS Debug
Token Generation and Analysis
Options Token Generator Screen
TreeTools
Value Generator
ViewState
WebSockets
Web Sockets - About
WebSocket API
WebSocket specific options
WebSocket Passive Scan Rules
WebSocket Scripts
WebSocket specific session properties
WebSocket tab
Windows WebDrivers
Zest
Releases
Release 1.0.0
Release 1.1.0
Release 1.2.0
Release 1.3.0
Release 1.3.1
Release 1.3.2
Release 1.3.3
Release 1.3.4
Release 1.4.0
Release 1.4.1
Release 2.0.0
Release 2.1.0
Release 2.10.0
Release 2.11.0
Release 2.11.1
Release 2.12.0
Release 2.13.0
Release 2.14.0
Release 2.15.0
Release 2.16.0
Release 2.16.1
Release 2.2.0
Release 2.2.1
Release 2.2.2
Release 2.3.0
Release 2.3.1
Release 2.4.0
Release 2.4.1
Release 2.4.2
Release 2.4.3
Release 2.5.0
Release 2.6.0
Release 2.7.0
Release 2.8.0
Release 2.9.0
Getting Started
Scanner Rules
Features
Add-ons
Alerts
Anti CSRF Handling
API
Active Scan
Authentication
Authentication Methods
Authentication Verification Strategies
Breakpoints
Callbacks
Contexts
Custom Page
Data Driven Content
Globally Excluded URLs
HTTP Sessions
Manipulator-in-the-middle Proxy
Marketplace
Modes
Notes
Passive Scan
Software Bill of Materials
Scan Policy
Scope
Scripts
Session Management
Sites Tree
Spider
Statistics
Structural Modifiers
Structural Parameters
Tags
Users
A Basic Penetration Test
Configuring Proxies
Desktop UI Overview
Dialogs
Add Alert dialog
Add/Edit Breakpoint dialog
Add Note dialog
Active Scan dialog
Encode / Decode / Hash dialog
Find dialog
History Filter dialog
Manual Request Editor dialog
Manage Add-ons
Manage History Tags dialog
Options dialog
Options Alerts screen
Options Anti CRSF screen
Options API screen
Options Active Scan screen
Options Active Scan Input Vectors screen
Options Breakpoints screen
Options Callback Address screen
Options Client Certificate screen
Options Check for Updates screen
Options Connection screen
Options Database screen
Dynamic SSL Certificates
Options Extensions screen
Options Global Exclude URL screen
Options HTTP Sessions screen
Options JVM screen
Options Keyboard screen
Options language screen
Options Local Proxies screen
Options Passive Scan Tags screen
Options Passive Scanner Screen
Options Passive Scan Rules Screen
Options Rule Configuration screen
Options Scripts screen
Options Search screen
Options Spider screen
Options Statistics screen
Options Display screen
Persist Session dialog
Scan Policy Dialog
Scan Policy Manager dialog
Scan Progress Dialog
Session Properties dialog
Session Context Authentication screen
Session Context Structure screen
Session Context screens
Spider dialog
Footer
The Tabs
Alerts tab
Active Scan tab
Break tab
Breakpoints tab
Callbacks tab
History tab
HTTP Sessions tab
Output tab
Params tab
Request tab
Response tab
Search tab
Sites tab
Spider tab
Top Level Menu
The Analyse menu
The Edit menu
The File menu
The Help menu
The Import menu
The Online menu
The Report menu
The Tools menu
The View menu
Top Level Toolbar
Views
Documentation
The ZAP by Checkmarx Desktop User Guide
Getting Started
Features
Features
ZAP provides the following features:
Active Scan
Add-ons
Alerts
Anti CSRF Tokens
API
Authentication
Authentication Methods
Authentication Verification Strategies
Breakpoints
Contexts
Data Driven Content
HTTP Sessions
Manipulator-in-the-middle Proxy
Marketplace
Modes
Notes
Passive Scan
Software Bill of Materials
Scan Policy
Scope
Scripts
Session Management
Sites Tree
Spider
Statistics
Structural Modifiers
Structural Parameters
Tags
Users
See also
UI Overview
for an overview of the user interface