It’s been a while since the last time we wrote about the OWASP ZAP – Zed Attack Proxy for Web Application Penetration Testing, back in October 2010.
ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Main Features
- Intercepting Proxy
- Automated scanner
- Passive scanner
- Brute Force scanner
- Spider
- Fuzzer
- Port scanner
- Dynamic SSL certificates
- API
- Beanshell integration
What’s New?
A new version has been released, v1.3.0, the release adds the following main features:
- Fuzzing, using the JBroFuzz library
- Dynamic SSL Certificates
- Daemon mode and API
- BeanShell integration
- Full internationalization
- Out of the box support for 10 languages
You can download ZAP v1.3.0 here:
Windows Installer – ZAP_1.3.0_Windows.exe
Linux Installer – ZAP_1.3.0_Linux.tar.gz
Mac OSX Installer – ZAP_1.3.0_Mac_OS_X.zip
Or read more here.