OWASP ZAP (Zed Attack Proxy) is a free, open-source web application security scanner. It acts as a manipulator-in-the-middle proxy to intercept, inspect, and modify traffic between a browser and a web application to find security vulnerabilities.
OWASP ZAP (Zed Attack Proxy) is a widely used, free, and open-source tool for web application security testing. Maintained by a global community under the OWASP Foundation, it helps developers and security professionals find and fix vulnerabilities. ZAP functions as a 'manipulator-in-the-middle proxy,' intercepting traffic between a browser and a web app for inspection and modification. It supports automated scanning, active attacks, and passive analysis. Key features include a spider for discovering content, a fuzzer for testing inputs, and robust API for CI/CD integration. ZAP is highly extensible via a marketplace of add-ons. It is a free tool with no paid tiers, supported by a large community. It is available for Windows, Linux, macOS, and as Docker images, making it a versatile choice for security testing.
Provides a range of options for security automation to find vulnerabilities.
Scans applications for vulnerabilities both actively (by attacking) and passively (by observing traffic).
Includes an advanced fuzzer for manual testing by sending unexpected or malformed data to an application.
Offers a REST API for integration into CI/CD pipelines and other automated workflows.
A marketplace provides numerous add-ons to extend ZAP's functionality, contributed by the community.
Available for Windows, Linux, and macOS, and as Docker images.
Automatically discovers new resources (URLs) on a web application.
Enables testing of applications that use WebSockets for communication.
Provides mechanisms to handle various authentication schemes during scans.
Supports scripting in multiple languages to customize ZAP's behavior.
Displays a hierarchical view of the sites and resources explored.
Intercepts and inspects all HTTP/S traffic between the browser and the web application.
Generates detailed alerts for identified vulnerabilities with risk levels and remediation advice.
Can generate reports in various formats like HTML, XML, and JSON.
Be the first to drop a review
Enzoic, headquartered in Boulder, Colorado, is a cybersecurity company specializing in compromised credential detection and…
Appknox is a security software platform from Appknox that focuses on mobile and web application…
VerifyWP is a highly efficient, laser-focused tool in the WordPress Security and Code Integrity landscape.…
NowSecure Platform is a mobile application security testing (AST) solution. It provides continuous, automated testing…
Spot something wrong or outdated?
Suggest a correction — a reviewer verifies every change.
OWASP ZAP (Zed Attack Proxy) is a free, open-source web application security scanner. It acts as a manipulator-in-the-middle proxy to intercept, inspect, and modify traffic between a browser and a web application to find security vulnerabilities.
Does OWASP ZAP (Zed Attack Proxy) have an in-app market place?
Yes
How many Mini-Apps in the marketplace?
0
Documentation
https://www.zaproxy.org/docs/Community Forums
https://www.zaproxy.org/community/Enzoic, headquartered in Boulder, Colorado, is a cybersecurity company specializing in compromised credential detection and…
Appknox is a security software platform from Appknox that focuses on mobile and web application…
VerifyWP is a highly efficient, laser-focused tool in the WordPress Security and Code Integrity landscape.…
NowSecure Platform is a mobile application security testing (AST) solution. It provides continuous, automated testing…