HelpUiDialogsScanpolicy
This allows you to enable and disable the rules that are run when performing an active scan. The first screen allows you to define the default levels as well as the levels for all of the rules in a specific category.
The category screens allow you to define the levels for every individual rule.
Note that passive scan rules are no longer managed via this dialog but are instead managed via the Options Passive Scan Rules screen.
The Threshold controls how likely ZAP is to report potential vulnerabilities. If you select Low then more potential issues will be raised, which may increase the number of false positives. If you select High then fewer potential issues will be raised, which may mean that some real issues are missed (false negatives).
The Strength controls the number of attacks that ZAP will perform. If you select Low then fewer attacks will be used, which will be quicker but may miss some issues. If you select High then more attacks will be used, which may find more issues but will take longer. The Insane level should typically only be used for small parts of an application as it can result in a very large number of attacks being used, which can take a considerable length of time.
See also:
Scan Policy Manager dialog
UI Overview, for an overview of the user interface
Dialogs, for details of the dialogs or popups