OWASP zap security testing tool tutorial (Advanced)

OWASP ZAP Security testing tools tutorial （ senior ）

1. Set the security test policy
Click analyze –> Scanning strategy –> Enter the scanning strategy interface

 The higher the setting level is , The stronger the scanning depth and scanning range 

2. Set the scanning agent
Click Tools –> Options –>Local Proxies Enter the agent setting interface

 The proxy set should be the same as that set by the browser 

3. Force browsing websites and directories
（1） Select the website to be scanned with the mouse –> Right mouse button –> Selective attack –> Click the forced browsing website button

 Set the browser address and built-in dictionary 

（2） Select the website to be scanned with the mouse –> Right mouse button –> Selective attack –> Click force to browse the website directory

4. Automatic scanning
Select the website to be scanned with the mouse –> Right mouse button –> Selective attack –> Click the auto scan button

 The scanned website and directory will be automatically checked according to the set security policy 

5. Export test report
Click report –> Generate HTML The report

 Take the data with high and medium defect levels in the test report , Analyze safety defects , Use other tools to detect