The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features

  • Intercepting proxy
  • Automated scanner
  • Passive scanner
  • Spider

Next Release

The next release of OWASP ZAP, planned for later this year, is expected to include:

  • OWASP rebranding
  • Improvements to the passive and active automated scanners
  • Improvements the Spider
  • The addition a basic port scanner
  • The ability to brute force files and directories (using components from DirBuster)

ZAP is actually a fork from Paros Proxy.

Cross Platform – ZAP_1.0.0b_installation.tar.gz
Windows Installer – ZAP_1.0.0_installer.exe

more info

Advertisements
Comments
  1. Psiinon says:

    ZAP is now on version 1.3.1, and has many more features than the ones listed here.
    Download from https://code.google.com/p/zaproxy/downloads/list

    Psiinon

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s