Configuring Spider Settings

Spider configuration is a trade-off between coverage and cost: the more links the Spider follows, the more of the application it discovers and the more requests it sends. Global settings live under Tools > Options > Spider. Maximum depth to crawl sets how many links away from a seed URL the Spider will follow (0 means unlimited). The defaults suit most applications, but deep sites may need a higher value. Set it too high and the crawl may never finish on applications that generate URLs without end (calendars, paginated listings, session or cache-busting tokens embedded in links); set it too low and functionality several clicks from the seed is never reached.

Thread count is the main performance lever. More threads fetch pages in parallel and cut discovery time on large applications, but they also multiply load on the target and make rate limiting or WAF blocking more likely. Start with 2 to 5 threads against a local or test instance and adjust to what the server tolerates; against production, a single thread is often the responsible choice. Watch response times and error codes in the History tab while spidering: rising latency or a run of 429 or 503 responses means the thread count is too high for that server.

# Spider Configuration Best Practices
Maximum Depth to Crawl: 5 by default, 0 = unlimited - raise for deep sites; never leave it unlimited on sites with calendars, pagination or tokens in URLs
Maximum Children to Crawl: 0 (unlimited) by default - set a limit for wide sites such as product catalogues or archives
Maximum Parse Size: 2621440 bytes (2.5 MB) by default - raise if large pages are being truncated before their links are extracted
Number of Threads Used: 2 by default, 2-10 in practice - based on server capacity; 1 for production targets
Request pacing: lower the thread count (to 1 if necessary) on rate-limited sites rather than fighting the limiter

Scope configuration keeps the Spider on the intended target. In ZAP, scope is defined by a context's Include in Context and Exclude from Context regular expressions: a URL is in scope when it matches an include pattern and no exclude pattern, and each pattern must match the whole URL, so end it with .* to cover a path prefix. Define the context before spidering so third-party hosts linked from the application (CDNs, analytics, payment providers) are never crawled. Subdomains are not implied by a parent-domain pattern; add them explicitly if they are part of the engagement. Exclude logout and other session-terminating URLs, otherwise the Spider will follow them and drop the authenticated session it is crawling with. A tight scope is what keeps the test inside its authorisation and stops the Spider wasting requests on hosts nobody asked you to test.
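The following is an added example, not ZAP's own code, showing how the settings above interact: an offline breadth-first crawl over a constructed in-memory site (the hostnames, pages and links are made up) with ZAP-style depth, children and scope rules. The scope check reproduces ZAP's context semantics (full-URL regex match, include minus exclude); the children limit is simplified to "links taken per page", whereas ZAP applies it to child nodes in the site tree. The `request_budget` parameter is a safety cap that exists only in this simulation so an unlimited-depth run terminates and can be inspected.

```python
"""Offline simulation of ZAP Spider depth, children and scope settings.
Added example on a constructed site; it makes no HTTP requests."""
import re
from collections import deque
from dataclasses import dataclass, field

# Constructed site graph (assumption): page URL -> links found on that page.
SITE = {
    "https://app.example/": [
        "https://app.example/login",
        "https://app.example/products?page=1",
        "https://cdn.partner.example/lib.js",   # third party, must stay out of scope
    ],
    "https://app.example/login": ["https://app.example/account"],
    "https://app.example/account": [
        "https://app.example/logout",           # fetching this would end the session
        "https://app.example/orders",
    ],
    "https://app.example/orders": [
        "https://app.example/orders/1",
        "https://app.example/orders/2",
    ],
    "https://app.example/logout": ["https://app.example/"],
}

PAGINATION = re.compile(r"https://app\.example/products\?page=(\d+)")


def links_for(url):
    """Return the links on a page. The product listing always advertises a
    'next page': the kind of infinite URL pattern that makes an unbounded
    crawl run forever."""
    m = PAGINATION.fullmatch(url)
    if m:
        return [f"https://app.example/products?page={int(m.group(1)) + 1}"]
    return SITE.get(url, [])


def in_scope(url, include, exclude):
    """ZAP context semantics: in scope when the URL fully matches at least one
    include regex and no exclude regex (patterns need a trailing .* themselves)."""
    return (any(re.fullmatch(p, url) for p in include)
            and not any(re.fullmatch(p, url) for p in exclude))


@dataclass
class CrawlResult:
    visited: dict = field(default_factory=dict)   # url -> depth at which it was reached
    out_of_scope: list = field(default_factory=list)
    budget_exhausted: bool = False


def spider(seeds, include, exclude, max_depth=5, max_children=0, request_budget=200):
    """Breadth-first crawl of the constructed site.
    max_depth:      links followed from a seed; 0 means unlimited (as in ZAP).
    max_children:   links taken from each page; 0 means unlimited (simplified).
    request_budget: simulation-only cap on fetched pages so unlimited depth terminates."""
    result = CrawlResult()
    queue = deque((s, 0) for s in seeds)
    seen_out_of_scope = set()
    while queue:
        url, depth = queue.popleft()
        if url in result.visited:
            continue
        if not in_scope(url, include, exclude):
            if url not in seen_out_of_scope:       # report each skipped URL once
                seen_out_of_scope.add(url)
                result.out_of_scope.append(url)
            continue
        if len(result.visited) >= request_budget:
            result.budget_exhausted = True
            break
        result.visited[url] = depth
        if max_depth and depth >= max_depth:
            continue                                # reached but not expanded
        children = links_for(url)
        if max_children:
            children = children[:max_children]
        queue.extend((c, depth + 1) for c in children)
    return result


SEEDS = ["https://app.example/"]
INCLUDE = [r"https://app\.example.*"]           # subdomains are NOT covered by this pattern
EXCLUDE = [r"https://app\.example/logout.*"]    # keep the authenticated session alive

if __name__ == "__main__":
    bounded = spider(SEEDS, INCLUDE, EXCLUDE, max_depth=3)
    print(f"depth 3: {len(bounded.visited)} pages, skipped {bounded.out_of_scope}")
    unbounded = spider(SEEDS, INCLUDE, EXCLUDE, max_depth=0, request_budget=20)
    pages = sum(1 for u in unbounded.visited if PAGINATION.fullmatch(u))
    print(f"depth unlimited: budget exhausted={unbounded.budget_exhausted}, "
          f"{pages} of {len(unbounded.visited)} fetched pages were pagination")
```

Run it once with depth 3 and once with depth 0: the bounded crawl reaches seven pages and skips the CDN and logout URLs, while the unbounded one spends most of its budget walking the endless product listing, which is exactly the behaviour the depth and children limits exist to prevent. Swap the include pattern for one that also covers `https://api.app.example.*` to see why subdomains have to be listed explicitly.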