Memory and Performance Problems

Large scans consuming excessive memory represent another frequent issue, especially when testing complex applications. ZAP stores all traffic in memory by default, eventually exhausting available RAM. Monitor memory usage through operating system tools during scans. When approaching limits, save and close sessions to free memory. Configure ZAP to use database storage for large sessions through command-line parameters.

Java heap errors indicate insufficient memory allocation for ZAP's Java Virtual Machine. Increase heap size by editing the ZAP startup script. On Windows, modify zap.bat to include -Xmx4g for 4GB heap allocation. Linux and Mac users should edit zap.sh similarly. Balance allocated memory with system resources—allocating too much causes system instability while too little limits scanning capability.

# Increasing ZAP memory allocation

# Linux/Mac - Edit zap.sh
java -Xmx4g -XX:+UseG1GC -jar zap.jar

# Windows - Edit zap.bat
java -Xmx4096m -XX:+UseG1GC -jar zap.jar

# Command line with custom memory
./zap.sh -cmd -Xmx6g

# Monitor memory usage during scans
# Linux
watch -n 1 'ps aux | grep -i zap'

# Mac
top -pid $(pgrep -i zap)

Scan performance degradation often results from aggressive thread settings overwhelming target applications. Reduce active scan threads through Scan Policy configurations. Implement delays between requests for rate-limited applications. Monitor target application logs for errors indicating overload. Sometimes slower scans produce better results by avoiding application defensive measures.