- Available on Premium tier plans -

When running the OWASP ZAP scanner, you can get an additional level of detail by covering the sections of your application that are only available to logged-in users.

There are two options for setting up an authenticated scan:

1. Using a Selenium script to walk through filling out your login form. This option requires capturing your login process using Selenium screen recordings. We've written up a detailed explanation for setting them up on our Authenticated Scans page.

2. Using a custom request header to bypass authentication. You can set arbitrary headers that your application can detect for bypassing your login process. See Customize Request Headers.
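
One way the application side of option 2 can detect the header, shown as an added example that is not code from this page or from the scanning service: a WSGI middleware that accepts a shared token only outside production and maps it to a dedicated test account. The header name `X-Scan-Auth`, the environ key and the account name are hypothetical.

```python
import hmac

# Hypothetical names: the header, the environ key and the scan account are
# assumptions for this example, not values defined by the scanner service.
SCAN_HEADER = "HTTP_X_SCAN_AUTH"        # WSGI form of "X-Scan-Auth"
SCAN_USER_KEY = "scan.authenticated_user"
SCAN_ACCOUNT = "zap-scan-user"          # dedicated low-privilege test account


class ScanHeaderAuth:
    """WSGI middleware that treats a request as logged in when it carries
    the shared scan token, and only outside production."""

    def __init__(self, app, token, environment):
        self.app = app
        # A missing or short token disables the header check entirely.
        self.token = token if token and len(token) >= 32 else None
        self.enabled = self.token is not None and environment != "production"

    def header_is_valid(self, environ):
        if not self.enabled:
            return False
        supplied = environ.get(SCAN_HEADER, "")
        # Constant-time comparison avoids leaking the token through timing.
        return hmac.compare_digest(supplied.encode(), self.token.encode())

    def __call__(self, environ, start_response):
        if self.header_is_valid(environ):
            environ[SCAN_USER_KEY] = SCAN_ACCOUNT
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed sample app: 200 for the scan account, 401 otherwise."""
    user = environ.get(SCAN_USER_KEY)
    status = "200 OK" if user else "401 Unauthorized"
    start_response(status, [("Content-Type", "text/plain")])
    return [(user or "login required").encode()]


def call(app, environ):
    """Run one WSGI request and return (status, body) for inspection."""
    captured = {}
    body = b"".join(app(dict(environ), lambda s, h: captured.update(status=s)))
    return captured["status"], body.decode()
```

The same token value is what you would enter as the custom request header for the scan. Keeping it in the staging environment's secret store means it can be rotated after each scan window.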