ZAP (Zed Attack Proxy) is a free, easy-to-use penetration testing tool designed to help make web applications more secure.
While ZAP can detect some security issues automatically, it is primarily designed to help you find security vulnerabilities manually.
Unlike some security tools, ZAP is designed to be used by people with a wide range of security experience.
As such, ZAP is suitable for developers and functional testers who are new to penetration testing.
WARNING: You should NOT use ZAP on web applications that you do not have permission to test.
Here are some key features of "ZAP":
· Intercepting proxy
· Automated scanner
· Passive scanner
· Spider
Requirements:
· 64-bit processor
What's New in This Release:
Minor changes:
· Issue 355: Allow Positional Fuzzing
· Issue 475: Http Sessions custom cookie value
· Issue 484: Check java version in zap.sh
· Issue 496: Allow to see the request and response at the same time in the main window
· Issue 505: Http Session API Implementation
· Issue 515: Change add-ons to make use of automatic load of messages
· Issue 516: Change add-ons messages keys to have unique prefix
· Issue 518: Add OData support
· Issue 537: Option to Force Browse files/resources with user-defined extensions
· Issue 538: Allow non sequential lines to be selected in the history log
· Issue 542: browse api - prompt window to enable
· Issue 551: Add csrfmiddlewaretoken to list of default Anti csrf tokens
· Issue 552: Make ZapPortNumberSpinner a subclass of ZapNumberSpinner
· Issue 553: Add option to filter alerts by scope
· Issue 561: Copy URLs right click option
· Issue 566: Abstract class for creating generic popups
· Issue 568: Allow extensions to run from the command line
· Issue 569: Allow Spider Scan to start ...