The OWASP
Zed Attack Proxy (ZAP) is easy to use integrated penetration testing
tool for finding vulnerabilities in web applications. It is designed to
be used by people with a wide range of security experience and as such
is ideal for developers and functional testers who are new to
penetration testing as well as being a useful addition to an experienced
pen testers toolbox.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Open source
- Cross-platform
- Easy to install (just requires java 1.7)
- Completely free (no paid for ‘Pro’ version)
- Ease of use a priority
- Comprehensive help pages
- Fully internationalized
- Translated into a dozen languages
- Community-based, with involvement, actively encouraged
- Under active development by an international team of volunteers
- Intercepting Proxy
- Traditional and AJAX spiders
- Automated scanner
- Passive scanner
- Forced browsing
- Fuzzer
- Dynamic SSL certificates
- Smartcard and Client Digital Certificates support
- Web sockets support
- Support for a wide range of scripting languages
- Plug-n-Hack support
- Authentication and session support
- Powerful REST based API
- Automatic updating option
- Integrated and growing marketplace of add-ons
This is a bug fix and enhancement release, which requires a minimum of Java 8.
Some of the more significant enhancements include:
- Browser launch included by default – this allows you to launch browsers from ZAP that are preconfigured to proxy through ZAP and ignore the certificate warnings due to the ZAP root certificate.
- Allow ZAP to listen on multiple addresses/ports
- Support Server Name Indication
- Updated NTLM engine implementation – this fixes the cases where the domain is being validated and improves interoperability with other (server) NTLM implementations.
- Lots of new API endpoints – see below for details
- More…
OWASP ZAP Tutorial
Hello, Viewers We offer timely analysis and in-person experiences that form the basis of our professional articles. Our editorial section is a reflection of the emerging technology trends. Our tagline “Fresh News of Technology and More” tries to address the same diversity. 
Wow! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also Penetration Testing Services
ReplyDelete