Writing an Authenticated Login Script for the ZAP Vulnerability Scanner

OWASP Zed Attack Proxy (ZAP) is a favorite tool for web application scanning and vulnerability testing, with a simple GUI and plenty of room for customization.

When it came to logging in and scanning the authenticated parts of the application, the login POST request turned out to require a token parameter taken from the Javascript header, and ZAP's built-in Basic Authentication scripting could not handle this. The solution was Zest, ZAP's scripting language. Recording a new Zest script was the easiest route: the recorded script extracted the token and automated the login process. After the extra steps and page calls picked up during recording were removed, the login script consisted of 3 requests.

The script was run with the Run button and applied through a custom Context. Spider the site first, then perform an Active Scan. Do not select the Forced User Mode button, and set the LoginURL in the Context settings to the starting page. These steps integrated automated security testing into the application's DevOps process.

When something was wrong, such as the correct token not being obtained or the login URL being set up incorrectly, the result was a 500 error page.
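The three-request login flow described above (fetch the login page, extract the token, post the credentials together with the token, then confirm the session), written out as an added Python model rather than the author's recorded Zest script or any ZAP code. Everything target-specific here is a constructed assumption so the flow runs offline: the hidden-input markup the token is read from, the `csrf_token` field and `X-CSRF-Token` header names, the `/login` and `/account` paths, the credentials, and the `FakeApp` stand-in for the application, which returns a 500 when the token is missing or stale to mirror the failure mode the page reports. Against a real target the transport callable would wrap an HTTP session instead.

```python
"""Offline model of a three-request authenticated login: GET the login page,
extract the anti-forgery token, POST the credentials with it, verify the session."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed assumption: the token sits in a hidden input on the login page.
TOKEN_RE = re.compile(r'name="csrf_token"\s+value="([^"]+)"')


@dataclass
class Response:
    status: int
    text: str = ""


# A transport takes (method, url, form_data, headers) and returns a Response.
# In real use this would wrap an HTTP session; here FakeApp stands in for the target.
Transport = Callable[[str, str, Optional[Dict[str, str]], Optional[Dict[str, str]]], Response]


def extract_token(html: str) -> str:
    """Pull the per-page token out of the login form (the 'assign variable' step)."""
    match = TOKEN_RE.search(html)
    if not match:
        # Typically means the LoginURL points at the wrong page or the pattern is stale.
        raise ValueError("no token on the login page: check the LoginURL and the token pattern")
    return match.group(1)


def login(transport: Transport, base_url: str, username: str, password: str) -> bool:
    """Replay the recorded login: three requests, token carried from the first to the second."""
    # Request 1: fetch the login page that carries the token.
    page = transport("GET", f"{base_url}/login", None, None)
    if page.status != 200:
        raise RuntimeError(f"login page returned {page.status}")
    token = extract_token(page.text)

    # Request 2: submit the credentials together with the extracted token.
    result = transport(
        "POST", f"{base_url}/login",
        {"username": username, "password": password, "csrf_token": token},
        {"X-CSRF-Token": token},
    )
    if result.status == 500:
        # The failure mode seen in practice: wrong token or wrong login URL.
        raise RuntimeError("server returned 500: token or login URL is wrong")

    # Request 3: load an authenticated page and look for a logged-in indicator.
    landing = transport("GET", f"{base_url}/account", None, None)
    return landing.status == 200 and "Logout" in landing.text


class FakeApp:
    """Constructed stand-in for the target application so the flow runs offline."""

    def __init__(self) -> None:
        self.issued_token = "tok-constructed-1234"  # constructed sample token
        self.logged_in = False

    def __call__(self, method, url, data, headers) -> Response:
        if method == "GET" and url.endswith("/login"):
            return Response(200, f'<form><input type="hidden" name="csrf_token" '
                                 f'value="{self.issued_token}"></form>')
        if method == "POST" and url.endswith("/login"):
            data = data or {}
            if data.get("csrf_token") != self.issued_token:
                return Response(500, "Internal Server Error")  # missing/stale token -> 500
            if data.get("username") == "scanner" and data.get("password") == "correct horse":
                self.logged_in = True
                return Response(302)
            return Response(401, "bad credentials")
        if method == "GET" and url.endswith("/account"):
            body = "Welcome scanner <a href='/logout'>Logout</a>" if self.logged_in else "Please log in"
            return Response(200, body)
        return Response(404)


def run_demo() -> bool:
    """Drive the login against the fake application with constructed credentials."""
    return login(FakeApp(), "https://target.example", "scanner", "correct horse")


if __name__ == "__main__":
    print("authenticated:", run_demo())
```

The point of the model is the data dependency between request 1 and request 2: a replayed login only works if the token is re-extracted on every run, which is exactly what the recorded script does and what a static Basic Authentication configuration cannot. Checking for a logged-in indicator in request 3 gives the scanner a reliable way to tell whether the session is actually authenticated before spidering and active scanning start.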
