What is the difference between different modes of scan in owasp zap?


Prathitha CB

May 24, 2017, 8:09:32 AM5/24/17
to OWASP ZAP User Group
Hello,

What is the difference between the different modes of scan - Safe, Protected, Standard, and Attack - in OWASP ZAP?
Do we miss out on any vulnerability if we switch between scans?

I usually use 'Attack mode' to do the spider scan and active scan.
Also, is there any issue if we use 'Standard mode' while recording and 'Attack mode' while active scanning?

Thanks and regards,
Prathitha CB

Simon Bennetts

May 24, 2017, 8:20:09 AM5/24/17
to OWASP ZAP User Group
The modes are described in the help that comes with ZAP, which is also online: https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsModes
You will definitely miss out on vulns in Safe mode as it won't allow you to do any attacking :)

Attack mode means that ZAP will attack each 'new' page as you discover it. It's a very effective way to constrain ZAP to just attack the parts of the app you want it to.
There's probably not much point in running an Active Scan at the same time as using Attack mode as they will be doing the same things.
I guess in theory you could run an Active Scan on one subtree while performing an Attack mode scan on another part of the application.

Does that make sense?

Simon
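The original question was whether it is fine to spider in Standard mode and then switch to Attack mode for the active scan. The script below is an added example, not code from this thread or from the ZAP project, that drives the mode switch explicitly through ZAP's REST API using the `python-owasp-zap-v2.4` client, and checks the chosen (spider mode, scan mode) pair against the points made in the reply above. It assumes a ZAP instance listening on `http://127.0.0.1:8080` with its API key in the `ZAP_API_KEY` environment variable; the target URL passed to `run_scan` is whatever application you are authorised to test.

```python
"""Set ZAP's mode per phase (spider, then active scan) through the ZAP API.

Added example, not part of the original thread. Assumes ZAP is running locally
on port 8080 and the `zapv2` client package is installed
(`pip install python-owasp-zap-v2.4`)."""
import os
import time

# Mode names as ZAP's core API accepts them (Safe, Protected, Standard, Attack).
MODES = ("safe", "protected", "standard", "attack")


def check_mode_plan(spider_mode, scan_mode):
    """Return warnings for a (spider mode, active-scan mode) pair.

    Encodes the points from the reply above: Safe mode never attacks,
    Attack mode already attacks each new node so an explicit active scan
    duplicates it, and Protected mode only attacks URLs inside the ZAP scope.
    """
    for mode in (spider_mode, scan_mode):
        if mode not in MODES:
            raise ValueError(f"unknown ZAP mode: {mode!r}")
    warnings = []
    if scan_mode == "safe":
        warnings.append("safe mode blocks active scanning; no vulnerabilities will be reported")
    if scan_mode == "attack":
        warnings.append("attack mode already attacks every new node; an explicit active scan duplicates that work")
    if spider_mode == "attack":
        warnings.append("spidering in attack mode attacks each page as it is found; use standard or protected to only map the application")
    if "protected" in (spider_mode, scan_mode):
        warnings.append("protected mode only attacks URLs in the ZAP scope; make sure the target is in scope")
    return warnings


def _wait(status_fn, scan_id, poll_seconds):
    """Poll a ZAP scan's status endpoint until it reports 100 percent."""
    while int(status_fn(scan_id)) < 100:
        time.sleep(poll_seconds)


def run_scan(target, spider_mode="standard", scan_mode="standard", poll_seconds=2):
    """Spider `target` in `spider_mode`, then active-scan it in `scan_mode`.

    Returns the alerts ZAP holds for the target. Imported lazily so the rest
    of the module (and its checks) work without a ZAP instance.
    """
    from zapv2 import ZAPv2  # assumed client: python-owasp-zap-v2.4

    for warning in check_mode_plan(spider_mode, scan_mode):
        print("warning:", warning)

    proxy = "http://127.0.0.1:8080"  # assumed ZAP listen address
    zap = ZAPv2(apikey=os.environ.get("ZAP_API_KEY", ""),
                proxies={"http": proxy, "https": proxy})

    # Phase 1: map the application without attacking it.
    zap.core.set_mode(spider_mode)
    spider_id = zap.spider.scan(target)
    _wait(zap.spider.status, spider_id, poll_seconds)

    # Phase 2: switch mode, then attack (skipped entirely in Safe mode,
    # where ZAP rejects the active-scan request).
    zap.core.set_mode(scan_mode)
    if scan_mode != "safe":
        scan_id = zap.ascan.scan(target)
        _wait(zap.ascan.status, scan_id, poll_seconds)

    return zap.core.alerts(baseurl=target)


if __name__ == "__main__":
    import sys
    url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:3000"  # placeholder target
    for alert in run_scan(url, spider_mode="standard", scan_mode="standard"):
        print(alert.get("risk"), alert.get("alert"), alert.get("url"))
```

Switching the mode between phases is a per-session setting in ZAP, so the script sets it right before each phase rather than relying on whatever the UI was left in; `check_mode_plan` is the part you can run without ZAP to sanity-check a plan before starting a scan.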

Prathitha CB

May 24, 2017, 8:27:34 AM5/24/17
to OWASP ZAP User Group
Thank you Simon...

It makes sense. If we need to check the vulns, it is better to work with Attack mode. Otherwise we miss out on some vulns.

Thanks,
Prathitha CB