{"id":3010,"date":"2015-05-31T02:09:29","date_gmt":"2015-05-30T18:09:29","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3010"},"modified":"2015-09-09T19:36:37","modified_gmt":"2015-09-09T11:36:37","slug":"owasp-zed-attack-proxy-integrated-penetration-testing-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/05\/owasp-zed-attack-proxy-integrated-penetration-testing-tool\/","title":{"rendered":"OWASP Zed Attack Proxy – Integrated Penetration Testing Tool"},"content":{"rendered":"

The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.<\/p>\n

With its automated scanner and powerful REST API, ZAP fits seamlessly into your continuous integration environment, allowing you to automate the finding of common issues while you\u2019re still in development.<\/p>\n
It’s classified as a flagship project for OWASP, meaning it’s mature and has demonstrated strategic value to OWASP and application security as a whole. It’s also fully translated into 25 different languages, which is more than a lot of commercial\/enterprise tools.<\/p>\n

Alternatives to ZAP would be:<\/p>\n

Fiddler \u2013 Web Debugging Proxy For HTTP(S)<\/a>
\n–
Burp Suite Free Edition v1.4 \u2013 Web Application Security Testing Tool<\/a>
\n–
Charles Web Debugging Proxy \u2013 HTTP Monitor & Reverse Proxy<\/a><\/p>\n

We have written about ZAP before, when it first hit v1.0 back in 2010<\/a> and again when they had a major update in 2011<\/a>.<\/p>\n