Post-Installation Configuration

After a successful installation, a few initial settings tailor ZAP to how you intend to use it. The first launch presents a session persistence dialog: choose whether to persist session data based on your usage patterns. Development environments benefit from session persistence because it maintains scan history, while temporary testing might prefer non-persistent sessions for privacy.

HTTPS inspection depends on certificate setup, which needs attention on every platform. ZAP generates a root certificate that must be installed in browsers and system certificate stores before ZAP can inspect SSL/TLS traffic. Each browser has its own procedure for certificate installation, and some require administrator privileges. Mobile testing requires installing the certificate on the device, with platform-specific procedures for iOS and Android.

Proxy configuration varies by network environment. Corporate networks often require upstream proxy settings for internet access. ZAP's Options > Connection menu lets you configure HTTP/HTTPS proxy settings, authentication credentials, and bypass rules. Testing internal applications might require adjusting these proxy settings so that internal traffic is not routed through the corporate proxy.
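
The bypass-rule concern above can be checked before a scan starts. The following is an added example, not part of ZAP or of the original page: it audits a list of planned targets against a set of bypass rules and flags internal hosts that would still be sent to the upstream proxy. The rule list, target list and function names are hypothetical, and the rules are assumed to be regular expressions matched against the whole host name.

```python
import ipaddress
import re

# Constructed sample data, not taken from any real network.
# Assumption: each bypass rule is a regex that must match the whole host name.
BYPASS_RULES = [r"localhost", r"127\.0\.0\.1", r".*\.corp\.example",
                r"10\.\d+\.\d+\.\d+"]
TARGETS = ["app.corp.example", "10.20.30.40", "192.168.5.9",
           "intranet", "www.example.org"]


def is_bypassed(host, rules):
    """True if any bypass rule matches the complete host name."""
    return any(re.fullmatch(rule, host, re.IGNORECASE) for rule in rules)


def looks_internal(host):
    """Heuristic: private/loopback/link-local IP, or a single-label host name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: a name without a dot only resolves internally.
        return "." not in host
    return ip.is_private or ip.is_loopback or ip.is_link_local


def audit(targets, rules):
    """Map each target to 'direct', 'upstream', or 'LEAK'.

    'LEAK' marks an internal-looking host that no bypass rule covers, so its
    traffic would be handed to the upstream (corporate) proxy.
    """
    result = {}
    for host in targets:
        if is_bypassed(host, rules):
            result[host] = "direct"
        elif looks_internal(host):
            result[host] = "LEAK"
        else:
            result[host] = "upstream"
    return result


if __name__ == "__main__":
    for host, route in audit(TARGETS, BYPASS_RULES).items():
        print(f"{route:8} {host}")
```

Any host reported as `LEAK` needs a matching bypass rule before testing begins.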