OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
Changelog v2.3.1
The following changes were made in this release:
- ZAP changes request data (while switching views) ( Issue 81 )
- Unfulfilled dependencies hang the active scan ( Issue 377 )
- Cant remove scripts marked as ‘load on start’ ( Issue 1073 )
- core.newSession doesn’t clear Sites ( Issue 1114 )
- Historical Request Tab Doesn’t allow formatting changes ( Issue 1155 )
- Proxy gzip decoder doesn’t update content length in response headers ( Issue 1156 )
- Unable to set a home directory with a space on the command line ( Issue 1163 )
- Redundant indexes in zapdb.script ( Issue 1166 )
- Add proxy support for “deflate” content encoding ( Issue 1168 )
- Spider Context/User pop up menus no longer shown ( Issue 1170 )
- Unable to select 2 requests in fuzz results (Ctrl + click) ( Issue 1179 )
- Vulnerable pages active scanned only once ( Issue 1181 )
- Alerts of same type for different parameters of same vulnerable page shown only once in “Alerts” tree ( Issue 1182 )
- NullPointerException while selecting a node in the “Alerts” tab after deleting a message ( Issue 1183 )
- Cmdline session params have no effect ( Issue 1191 )
- Scan URL path elements – turn off by default ( Issue 1193 )
- Command line arguments are not passed to extensions when starting ZAP in daemon mode ( Issue 1194 )
- AbstractPlugin.bingo incorrectly sets evidence to attack ( Issue 1196 )
- Issue with loading addons that did not initialize correctly ( Issue 1202 )
- WordPress Authentication Script ( Issue 1203 )
- ‘History’ tab is not cleared when a new session is created through the API with ZAP in GUI mode ( Issue 1206 )
