OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
Changelog v2.3.0, highlights
- A ZAP ‘lite’ version in addition to the existing ‘full’ version
- View, intercept, manipulate, resend and fuzz client-side (browser) events
- Enhanced authentication support
- Support for non-standard apps
- Input Vector scripts
- Scan policy – fine-grained control
- Advanced Scan dialog
- Extended command line options
- More API support
- Internationalized help file
- Keyboard shortcuts
- New UI options
- More functionality moved to add-ons
- New and improved active and passive scanning rules