The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application.
Features
- ZAP can be run in a completely automated way
- ZAP is a fork of the open source variant of the Paros Proxy
- Designed specifically for testing web applications and is both flexible and extensible
- It can be used as a stand-alone application, and as a daemon process
- If there is another network proxy already in use, as in many corporate environments, ZAP can be configured to connect to that proxy
- ZAP provides functionality for a range of skill levels – from developers, to testers new to security testing, to security testing specialists
Project Samples
