ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications



The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Release 2.4.2

The following changes were made in this release:

Enhancements:
  • Issue 1306 : Java PermSize command line flag removed in Java 8
  • Issue 1593 : Auto-scroll in Spider tab
  • Issue 1600 : Dont report X-Frame-Options alert on 403 and 404 pages
  • Issue 1654 : httpSessions/createEmptySession should initialize a site that was not previously visited
  • Issue 1702 : Add "recurse" option to the spider API
  • Issue 1715 : Unable to pass arguments when launching ZAP from the command line on Mac OS X
  • Issue 1766 : Remove context via the API
  • Issue 1768 : Update to use a more recent user-agent
  • Issue 1778 : Passive scan AJAX spider requests
  • Issue 1790 : Move Buffer Overflow Scanner from Beta to Release
  • Issue 1793 : Allow active scan scripts to check if the scan was stopped
  • Issue 1795 : Allow JVM options to be configured via GUI
  • Issue 1799 : Minor Feature Request: Allow URL to be pasted into start Spider dialog.
  • Issue 1802 : Minor Enhancement: Change active Pause Button to a Play button
  • Issue 1849 : Option to merge related issues in reports
  • Issue 1857 : Libraries that were updated
  • Issue 1865 : Increase maximum db size

Bug fixes:
  • Issue 1760 : Unable to initialize home directory! xml/config.xml (No such file or directory)
  • Issue 1763 : Automatic check for updates fails to report new versions
  • Issue 1770 : Exceptions when calling (some) context API actions in daemon mode
  • Issue 1771 : For OSX the zap.sh in the core download hard-codes the relative java location
  • Issue 1772 : On OS X, Found Java version lies
  • Issue 1777 : "Cannot locate configuration source null.policy" after opening "Active Scan" dialogue
  • Issue 1781 : ZAP errors with "Unsupported option '-psn_x_xxxxxxx'" on OS X
  • Issue 1784 : NullPointerException when active scanning through the API with a target without scheme
  • Issue 1785 : Plugin enabled even if dependencies are not, "hangs" active scan
  • Issue 1787 : Context not used by the Spider even if selected
  • Issue 1788 : Scan Progress Pane Needs Sorting Change
  • Issue 1789 : Forced Browse/AJAX Spider messages not restored to Sites tab
  • Issue 1792 : Report not generated in daemon mode
  • Issue 1798 : Stop Attack Feature Locks up ZAP?
  • Issue 1804 : Disable processing of XML external entities by default
  • Issue 1805 : ZAP API might not return the response in requested format on errors
  • Issue 1858 : Spider might report wrong progress after finishing
  • Issue 1872 : EDT accessed in daemon mode