Cloud Security -

If you are using ZAP for a publicly accessible web application, you may also use Chimera. Chimera runs from the cloud and does not require installation of any local software.

Video walkthrough of setting up ZAP tool for Browser:

  1. Installation
  1. Download ZAP from here.
  2. Install and open ZAP        

  1. Installing certificate

Since all requests and responses are proxied by ZAP, the certificate verification will fail for sites using SSL (HTTPS) and the connection will be terminated. To prevent this from happening, ZAP generates an SSL certificate for each host, signed by its own Certificate Authority (CA) certificate. This CA certificate is generated the first time ZAP is run, and is stored locally. To use the ZAP Proxy with these websites, you will need to install ZAP’s CA certificate as a trusted root in your browser.

  1. Go to Tools>Options>Dynamic SSL Certificate. Click Generate and then click Save.
  2. Save the certificate in the desired location.
  3. Open your browser and install the Certificate to your browser (Firefox, Chrome, IE) accordingly 
  1. Configuring Proxy
  1. Open your preferred browser and set up the proxy as shown here (You can use port 8080 as the port)

  1. In the ZAP UI, go to Tools>Options>Local Proxy
  2. Make sure the port is set to 8080 (or the port you have configured in your browser)

  1. Open any website using SSL in your browser and make sure the site shows up in the sites list.

Next: Running the Scan