Penetration Testing Tool for Testing Web Applications - OWASP ZAP 2.7.0


The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

For general information about ZAP:
  • Home page - the official ZAP page on the OWASP wiki (includes a donate button;)
  • Twitter - official ZAP announcements (low volume)
  • Blog - official ZAP blog
  • Monthly Newsletters - ZAP news, tutorials, 3rd party tools and featured contributors
  • Swag! - official ZAP swag that you can buy, as well as all of the original artwork released under the CC License
For help using ZAP:
Information about the official ZAP Jenkins plugin:
To learn more about ZAP development: