Performing Manual Exploration

Manual exploration before automated scanning improves results by helping ZAP understand your application's structure. In the ZAP-launched browser, navigate to your target application (http://localhost:3000). Click through various pages, exploring different features like product listings, search functionality, and user registration. Each action sends requests through ZAP, building a map of the application in the Sites tree.

The Sites tree in ZAP populates as you browse, showing the hierarchical structure of discovered URLs. Expand the tree to see different sections of your application. Notice how ZAP categorizes content by directory structure and identifies parameters in URLs. This manual exploration phase teaches ZAP about your application's functionality, improving subsequent automated scanning accuracy.

Authentication is a crucial step that first scans often miss. Create an account in Juice Shop and log in through the ZAP-proxied browser. ZAP captures the login requests and session tokens, which enables authenticated scanning later. Explore functionality available only to logged-in users, such as adding items to the cart or viewing order history. Covering both the public and the authenticated areas ensures ZAP has a complete picture of the application before automated scanning begins.
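One way to check what the manual exploration actually put into ZAP, as an added example that is not part of the original tutorial or of ZAP itself: it pulls the URL list from ZAP's REST API, rebuilds the Sites-tree grouping by host, directory and query parameter, and reports which logged-in-only paths have not been visited yet. The ZAP API address and key, and the Juice Shop endpoint paths in `EXPECTED_AUTH_PATHS`, are assumptions to adjust for your setup.

```python
# Added example (not from the tutorial or the ZAP project): rebuild the Sites-tree
# view from the URL list ZAP's API exposes and flag unvisited authenticated areas.
# Assumptions: ZAP listens on localhost:8080 with an API key, and the Juice Shop
# paths in EXPECTED_AUTH_PATHS are assumed; adjust them to your target.
import json
from urllib.parse import urlparse, parse_qs, urlencode
from urllib.request import urlopen

ZAP_API = "http://localhost:8080"  # assumed ZAP API address


def fetch_zap_urls(base_url, api_key):
    """Ask ZAP for every URL under base_url that manual browsing put in the Sites tree."""
    query = urlencode({"baseurl": base_url, "apikey": api_key})
    with urlopen(f"{ZAP_API}/JSON/core/view/urls/?{query}") as resp:
        return json.load(resp)["urls"]


def build_site_tree(urls):
    """Group URLs by host and directory the way the Sites tree does; query-string
    parameter names are recorded under '?params' so parameterised pages stand out."""
    tree = {}
    for url in urls:
        parsed = urlparse(url)
        node = tree.setdefault(parsed.netloc, {})
        for part in [p for p in parsed.path.split("/") if p]:
            node = node.setdefault(part, {})
        for name in parse_qs(parsed.query, keep_blank_values=True):
            node.setdefault("?params", set()).add(name)
    return tree


def coverage_gaps(urls, expected_paths):
    """Return the expected paths (e.g. logged-in-only endpoints) ZAP has not seen."""
    seen = {urlparse(u).path.rstrip("/") for u in urls}
    return sorted(p for p in expected_paths if p.rstrip("/") not in seen)


# Constructed sample of what the Sites tree might hold after browsing Juice Shop.
SAMPLE_URLS = [
    "http://localhost:3000/",
    "http://localhost:3000/rest/products/search?q=apple",
    "http://localhost:3000/api/Users",
    "http://localhost:3000/rest/user/login",
]
# Assumed endpoints that only show up once a logged-in user is exercised.
EXPECTED_AUTH_PATHS = ["/rest/user/login", "/api/BasketItems", "/rest/order-history"]

if __name__ == "__main__":
    print(json.dumps(build_site_tree(SAMPLE_URLS), default=sorted, indent=2))
    print("not yet explored:", coverage_gaps(SAMPLE_URLS, EXPECTED_AUTH_PATHS))
```

Replace `SAMPLE_URLS` with `fetch_zap_urls("http://localhost:3000", "<your-api-key>")` to run the check against a live ZAP session after browsing.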