Spider and proxy modes are two commonly employed methods supported by dynamic application security testing (DAST) software. Despite efforts to enhance the automated spider's efficiency, deep exploration of web applications is still constrained by the need for manual intervention in certain complex UI operations. In this regard, the proxy mode serves a crucial intermediary, intercepting and inspecting request messages exchanged between the browser and the web application during manual or scripted browsing activities. This study aims to assess the efficacy of these two modes in terms of code coverage and the number of requests, utilizing two popular PHP-based open-source web applications. The experimental findings demonstrate that employing a hybrid mode (Spider-Last) yields a significant improvement compared to using the spider orproxy mode independently.