Generate a ZAP Configuration File

In this section, we explain how a ZAP configuration file can be generated.

  1. Install ZAP on your local machine. Download ZAP from the following link: https://www.zaproxy.org/download/

  2. Open ZAP.

  3. In the hierarchy under Contexts, double-click Default Context.

  4. Define the URL to test. Select the Include in Context option, click Add, enter the URL, and click Add.

  5. Select Authentication, define the type of authentication you want to use, and then click OK.

  6. Create the user(s) you want to use in the scans.

  7. Click the + button at the bottom of the window and then click Automation.

  8. Click the New Plan button.

  9. Select one of the following profiles:

    • For a web scan, select the Full Scan profile.

    • For an API scan, select the OpenAPI profile.


    Notice

    The jobs offered depend on the add-ons installed. If a job you need does not appear, open the Manage Add-ons dialog and install the corresponding add-on.

  10. Click Save.

  11. Double-click each job to change its associated context or, for some jobs (the Ajax Spider, for example), to set the user the job runs as.

    [Figure: example for the Spider job]

    [Figure: example for the Ajax Spider job]

  12. To save the plan, click the Save As button and then choose the folder.

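The plan saved in step 12 is a ZAP Automation Framework YAML file. The following is an added example of such a plan, written for this page rather than taken from it or from the ZAP project; the target URLs, login form, user name, environment variable names and report path are constructed placeholders. It ties the context, authentication and user from steps 3 to 6 to the jobs chosen in steps 9 to 11, and shows in comments how the OpenAPI profile differs from the Full Scan profile.

```yaml
# Added example plan (not the page's own). All hostnames, paths and
# variable names below are constructed placeholders.
env:
  contexts:
    - name: "Default Context"              # the context edited in steps 3-6
      urls:
        - "https://app.example.com"        # the "Include in Context" URL from step 4
      includePaths:
        - "https://app.example.com.*"
      excludePaths:
        - "https://app.example.com/logout.*"   # stop the crawlers from logging the user out
      authentication:                      # step 5: form-based login
        method: "form"
        parameters:
          loginPageUrl: "https://app.example.com/login"
          loginRequestUrl: "https://app.example.com/login"
          loginRequestBody: "username={%username%}&password={%password%}"
        verification:
          method: "response"
          loggedInRegex: "\\QLogout\\E"    # text seen only when logged in
          loggedOutRegex: "\\QSign in\\E"  # text seen only when logged out
      sessionManagement:
        method: "cookie"
      users:                               # step 6
        - name: "scan-user"
          credentials:
            username: "${SCAN_USER}"       # read from environment variables so the
            password: "${SCAN_PASSWORD}"   # plan file never holds a real secret
  parameters:
    failOnError: true                      # stop the run if a job fails
    failOnWarning: false
    progressToStdout: true

jobs:
  - type: passiveScan-config
    parameters:
      maxAlertsPerRule: 10
      scanOnlyInScope: true                # only report on the context's URLs
  - type: spider                           # traditional crawler, runs as scan-user (step 11)
    parameters:
      context: "Default Context"
      user: "scan-user"
      maxDuration: 5                       # minutes
  - type: spiderAjax                       # browser-driven crawler for JavaScript-heavy pages
    parameters:
      context: "Default Context"
      user: "scan-user"
      maxDuration: 5
      browserId: "firefox-headless"
  # OpenAPI profile: replace the two spider jobs above with an openapi job
  # that imports the API definition instead of crawling the site.
  # - type: openapi
  #   parameters:
  #     apiUrl: "https://api.example.com/openapi.json"
  #     targetUrl: "https://api.example.com"
  #     context: "Default Context"
  - type: passiveScan-wait                 # let passive rules finish before attacking
    parameters:
      maxDuration: 5
  - type: activeScan
    parameters:
      context: "Default Context"
      user: "scan-user"
      policy: "Default Policy"
      maxScanDurationInMins: 30
  - type: report
    parameters:
      template: "traditional-html"
      reportDir: "/zap/wrk"
      reportFile: "zap-report"
      reportTitle: "ZAP Scanning Report"
```

The same file can be opened again through Automation > Load Plan to check that ZAP resolves every context and user name, or run without the GUI with `zap.sh -cmd -autorun plan.yaml`. Keeping credentials in environment variables rather than in the plan matters because the plan is normally committed next to the application's source.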

Here are two example configuration files, one for a web scan and one for an API scan. They can be viewed in a text editor such as Notepad.

API SCAN

WEB SCAN