Zap App running extremly slow on m1 macbook pro
96 views
Skip to first unread message
Lennart Boecken
Apr 19, 2024, 4:07:42 PM4/19/24
to ZAP User Group
Hi there,
I'm working on setting up Zap for a Django application and after a while, it starts running extremely slow. I'm running 2.14.0. The app is fast early on but after awhile performance tank to the point of being unable to use it.
The Django app serves both its own HTML and some React applications and the regular spider does go down a massive rabbit hole when exploring so I'm wondering if I need to exclude some of the static files for search.
What other information would be helpful to try and diagnose this?
I'm working on setting up Zap for a Django application and after a while, it starts running extremely slow. I'm running 2.14.0. The app is fast early on but after awhile performance tank to the point of being unable to use it.
The Django app serves both its own HTML and some React applications and the regular spider does go down a massive rabbit hole when exploring so I'm wondering if I need to exclude some of the static files for search.
What other information would be helpful to try and diagnose this?
Simon Bennetts
Apr 23, 2024, 7:28:25 AM4/23/24
to ZAP User Group
Is it ZAP thats running slow or the target app?
If its ZAP, how long is "after a while"?
And what are you doing with ZAP?
Cheers,
Simon
Lennart Boecken
Apr 24, 2024, 3:55:30 PM4/24/24
to ZAP User Group
Hi Simon,
Thanks for getting back & thanks for the video series. That's helped clarify some questions and raise others.
On ZAP being slow it happens when modifying / touching large number of items (in the site tree or while a scan is going on) the UI sometimes completely freezes.
Thanks for getting back & thanks for the video series. That's helped clarify some questions and raise others.
On ZAP being slow it happens when modifying / touching large number of items (in the site tree or while a scan is going on) the UI sometimes completely freezes.
Also exiting the context dialog using OK can be incredibly slow sometimes (10-30 seconds)
The app itself is unaffected and neither is anything else so it seems its the GUI that struggling although I've not tried the API yet as I'm still getting familiar with ZAP.
I am on M1 Macbook Pro and running ZAP 2.14.0
- domain.com/<app>/<view>
- domain.com/<app>/<view>.<function> (<function> is optional & may be followed by params)
- domain.com/<app>/<view>/<param1>/<param2>/<param3>..... (params match [a-zA-Z0-9])
I am having trouble figuring out how to help ZAP understand this structure. Using the structural modifiers, it looks like I'd need a regex for every varian of
<app>/<view>.<function> & <app>/<view>/ of which there are 100s.
Would a structural modifier for each regex be best here or an input vector script?
I'm happy to provide more information on anything if you are able to help.
I'm happy to provide more information on anything if you are able to help.
Lennart Boecken
Apr 24, 2024, 4:22:07 PM4/24/24
to ZAP User Group
Generally each param represents an item in our db so for the development DB I get around 4-5K unique nodes, when its really only a couple hundred at the top end.
Simon Bennetts
Apr 30, 2024, 4:17:12 AM4/30/24
to ZAP User Group
We call that data driven content: https://www.zaproxy.org/docs/desktop/start/features/ddc/
And yes, configuring ZAP to handle that efficiently should make a big difference.
I agree that structural modifiers look tricky in this case, so I would personally go for an input vector script.
For more details seehttps://www.zaproxy.org/blog/2020-09-22-sites-tree-modifiers/
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages