OWASP Zed Attack Proxy (ZAP) v1.4.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience, and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

The current version of ZAP is 1.4.1.

News flash: Simon's slides from AppSec Ireland are now online. He will also be talking about ZAP at OWASP Manchester on 11th September.

Latest ZAP Tutorial video: The Initial Setup Guide

ZAP 1.4+ can be easily extended: see the ZAP-extensions project for some of the extensions you can add.

There are 3 ZAP related Google Summer of Code 2012 projects!
Please also see the new Sponsors and Supporters page.

OWASP ZAP is also the Toolsmith Tool of the Year for 2011!

The official OWASP ZAP homepage is on the OWASP site.
This Google Code project is used for the downloads, wiki, online help pages, links to videos, issues and source code.
Want a very quick introduction? See the project pamphlet.
For a slightly longer introduction see the project presentation.
For video introductions to ZAP see the links on the wiki videos page.
For more details about ZAP, including the full user guide, please see the wiki.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Some of ZAP's features:
Some of ZAP's characteristics:
It supports the following languages:
  • English
  • Brazilian Portuguese
  • Chinese
  • Danish
  • French
  • German
  • Greek
  • Indonesian
  • Japanese
  • Persian
  • Polish
  • Spanish

ZAP is a fork of the well regarded Paros Proxy.
Details of the changes made are here: Releases
