How it works...

OWASP ZAP can perform both active and passive vulnerability scans. Passive scans are non-intrusive tests that OWASP ZAP performs while we browse, send data, and click links. Active tests send various attack strings against every form variable or request value in order to detect whether the server responds with what we can call vulnerable behavior.
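To make the passive side of that distinction concrete, here is an added example (not from the original text and not ZAP's own rule code) of a check that only reads a response that has already been captured and sends nothing itself. The function names, the header list, and the sample response are assumptions constructed for illustration.

```python
# Added illustration of a passive check: it inspects traffic that was
# already captured and never issues a request of its own.
# Constructed sample response; it does not come from a real target.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Apache/2.4.0 (Example)\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; HttpOnly; Secure\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# Hypothetical policy: headers we expect on every HTML response.
REQUIRED_HEADERS = ("X-Content-Type-Options", "Content-Security-Policy")


def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def passive_findings(raw):
    """Report weaknesses visible in the response alone."""
    headers = parse_headers(raw)
    present = {name for name, _ in headers}
    findings = []
    for required in REQUIRED_HEADERS:
        if required.lower() not in present:
            findings.append(f"missing header: {required}")
    for name, value in headers:
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = {a.strip().split("=", 1)[0].lower()
                     for a in value.split(";")[1:]}
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    findings.append(f"cookie {cookie_name} lacks {flag}")
        elif name == "server" and any(ch.isdigit() for ch in value):
            # A version string also reveals the technology in use.
            findings.append(f"server version disclosed: {value}")
    return findings


if __name__ == "__main__":
    for finding in passive_findings(RAW_RESPONSE):
        print(finding)
```

An active check differs in that it would have to modify a parameter and send a new request, which is why it carries the detection and service-impact risk that a passive check does not.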

OWASP ZAP has test strings for a wide variety of technologies; it is useful to first identify the technologies that our target uses in order to optimize our scan and reduce the probability of being detected or causing a drop in the service.

Another interesting feature of this tool is that we can analyze the request that resulted in the detection of a vulnerability, together with its corresponding response, in the same window and at the moment it is detected. This allows us to determine rapidly whether it is a real vulnerability or a false positive, and whether to develop our proof of concept (PoC) or start the exploitation.

