OWASP ZAP

OWASP Flagship Twitter Follow

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

For more videos see the links on the wiki videos page.

Interested in a ZAP talk or training event? Not one near you? Contact a Zap Evangelist to arrange one!


Some of ZAP’s features:

  • Open source
  • Cross platform (it even runs on a Raspberry Pi!)
  • Easy to install (using a multi-platform installer builder)
  • Completely free (no paid for ‘Pro’ version)
  • Ease of use a priority
  • Comprehensive help pages
  • Fully internationalized
  • Translated into over 20 languages
  • Community based, with involvement actively encouraged
  • Under active development by an international team of volunteers ZAP is a fork of the well regarded Paros Proxy.

imageimage imageimage


Latest News:


Supporters

ZAP is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP: