[Software] OWASP Zed Attack Proxy Project - ZAP 1.3.3
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Some of ZAP’s features:
Brute Force scanner
Dynamic SSL certificates
. Beanshell integration
Some of ZAP’s characteristics:
Easy to install (just requires java 1.6)
Ease of use a priority
Comprehensive help pages
Under active development
Free (no paid for ‘Pro’ version)
Involvement actively encouraged
ZAP is a fork of the well regarded Paros Proxy.
Version 1.3.3 has just been released, which is the third bugfix release of the 1.3.x branch. Compared to previous releases, the 1.3.x branch adds the following main features:
Fuzzing (using components from JBroFuzz)
Dynamic SSL Certificates
Daemon mode and API to allow other tools to interact with ZAP
Out of the box support for 10 languages