|
|
(37 intermediate revisions by 7 users not shown) |
Line 1: |
Line 1: |
− | = Main =
| |
| <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div> | | <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div> |
| {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- |
− | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
− | [[Image:zap128x128.png|right]]
| |
| {{ReviewProject|projectname=zaproxy|language=en}} | | {{ReviewProject|projectname=zaproxy|language=en}} |
| <div style="font-size:120%;border:none;margin: 0;color:#000"> | | <div style="font-size:120%;border:none;margin: 0;color:#000"> |
− | The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers[[#Justification|*]]. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
| + | For more details about ZAP see the new ZAP website at [https://www.zaproxy.org zaproxy.org][[Image:Zap-website.png | link=https://www.zaproxy.org/]] |
| | | |
− | ====ZAP 2.6.0 is now available and includes important security fixes. Please update asap!====
| + | {{Social Media Links}} |
| | | |
− | [[Image:ZAP-Download.png | link=https://github.com/zaproxy/zaproxy/wiki/Downloads]]
| + | | style="padding-left:25px;width:200px;" valign="top" | |
| | | |
− | ====Please help us to make ZAP even better for you by answering the [https://docs.google.com/forms/d/1-k-vcj_sSxlil6XLxCFade-m-IQVeE2h9gduA-2ZPPA/viewform ZAP User Questionnaire]!==== | + | == Quick Download == |
| | | |
− | For a quick overview of ZAP and an introduction to the [https://wiki.jenkins-ci.org/display/JENKINS/zap+plugin official ZAP Jenkins plugin] see these tutorial videos on YouTube:
| + | [https://github.com/zaproxy/zaproxy/wiki/Downloads Download OWASP ZAP!] |
− | | |
− | {|
| |
− | |-
| |
− | {{#ev:youtube|eH0RBI0nmww}}
| |
− | {{#ev:youtube|mmHZLSffCUg}}
| |
− | |}
| |
| | | |
− | For more videos see the links on the [https://github.com/zaproxy/zaproxy/wiki/Videos wiki videos page].
| + | == Donate to ZAP == |
| | | |
− | Interested in a ZAP talk or training event? See the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Talks talks] tab. Not one near you? Contact a [https://github.com/zaproxy/zaproxy/wiki/ZapEvangelists Zap Evangelist] to arrange one!
| + | <div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation |
− | | |
− | {{#widget:PayPal Donation | |
| |target=_blank | | |target=_blank |
− | |budget=Zed Attack Proxy | + | |budget=Zed Attack Proxy }} |
− | }} | + | </div> |
− | | |
− | For general information about ZAP:
| |
− | * [https://twitter.com/zaproxy Twitter] - official ZAP announcements (low volume)
| |
− | * [https://zaproxy.blogspot.co.uk/ Blog] - official ZAP blog
| |
− | | |
− | For help using ZAP:
| |
− | * [https://github.com/zaproxy/zaproxy/releases/download/2.6.0/ZAPGettingStartedGuide-2.6.pdf Getting Started Guide (pdf)] - an introductory guide you can print
| |
− | * [https://www.youtube.com/playlist?list=PLEBitBW-Hlsv8cEIUntAO8st2UGhmrjUB Tutorial Videos]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki User Guide] - online version of the User Guide included with ZAP
| |
− | * [https://groups.google.com/group/zaproxy-users User Group] - ask questions about using ZAP
| |
− | * [https://github.com/zaproxy/zap-extensions/wiki Add-ons] - help for the optional add-ons you can install
| |
− | * [https://stackoverflow.com/questions/tagged/zap StackOverflow] - because some people use this for all everything ;)
| |
− | | |
− | To learn more about ZAP development:
| |
− | * [https://github.com/zaproxy Source Code] - for all of the ZAP related projects
| |
− | * [https://github.com/zaproxy/zaproxy/wiki/Introduction Wiki] - lots of detailed info
| |
− | * [https://groups.google.com/group/zaproxy-develop Developer Group] - ask questions about the ZAP internals
| |
− | * [https://crowdin.com/project/owasp-zap Crowdin (GUI)] - help translate the ZAP GUI
| |
− | * [https://crowdin.com/project/owasp-zap-help Crowdin (User Guide)] - help translate the ZAP User Guide
| |
− | * [https://www.openhub.net/p/zaproxy OpenHub] - FOSS analytics
| |
− | * [https://www.bountysource.com/teams/zap/issues BountySource] - Vote on ZAP issues (you can also donate money here, but 10% taken out)
| |
− | | |
− | ===Justification===
| |
− | Justification for the statements made in the tagline at the top;)
| |
− | | |
− | Popularity:
| |
− | * ToolsWatch Annual Best Free/Open Source Security Tool Survey:
| |
− | ** 2016 [http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ 2nd]
| |
− | ** 2015 [http://www.toolswatch.org/2016/02/2015-top-security-tools-as-voted-by-toolswatch-org-readers/ 1st]
| |
− | ** 2014 [http://www.toolswatch.org/2015/01/2014-top-security-tools-as-voted-by-toolswatch-org-readers/ 2nd]
| |
− | ** 2013 [http://www.toolswatch.org/2013/12/2013-top-security-tools-as-voted-by-toolswatch-org-readers/ 1st]
| |
− | | |
− | Contributors:
| |
− | * [https://www.openhub.net/p/zaproxy Code Contributors]
| |
− | * [https://crowdin.com/project/owasp-zap ZAP core i18n Contributors]
| |
− | * [https://crowdin.com/project/owasp-zap-help ZAP help i18n Contributors]
| |
− | | |
− | | |
− | {{Social Media Links}}
| |
− | | |
− | | valign="top" style="padding-left:25px;width:200px;" |
| |
− | | |
− | == Quick Download ==
| |
− | | |
− | [https://github.com/zaproxy/zaproxy/wiki/Downloads Download OWASP ZAP!]
| |
| | | |
| == News and Events == | | == News and Events == |
Line 93: |
Line 38: |
| == Project Leader == | | == Project Leader == |
| | | |
− | Project Leader<br/>[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto: [email protected] @] | + | Project Leader<br />[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto: [email protected] @] |
| + | |
| + | Co-Project Leaders<br />[https://www.owasp.org/index.php/User:Ricardo.Pereira Ricardo Pereira] [mailto:[email protected] @] |
| + | |
| + | [https://www.owasp.org/index.php/User:Rick.mitchell Rick Mitchell] [mailto:[email protected] @] |
| | | |
| == Related Projects == | | == Related Projects == |
Line 100: |
Line 49: |
| * [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF] | | * [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF] |
| | | |
− | == Ohloh == | + | == Open Hub Stats == |
| | | |
| *https://www.openhub.net/p/zaproxy | | *https://www.openhub.net/p/zaproxy |
Line 108: |
Line 57: |
| {| width="200" cellpadding="2" | | {| width="200" cellpadding="2" |
| |- | | |- |
− | | align="center" valign="top" rowspan="2" width="50%" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]] | + | | rowspan="2" width="50%" valign="top" align="center" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]] |
− | | align="center" valign="center" width="50%"| [[File:Owasp-builders-small.png|link=]] | + | | width="50%" valign="center" align="center" | [[File:Owasp-builders-small.png|link=]] |
| | | | | |
| |- | | |- |
− | | align="center" valign="center" width="50%"| [[File:Owasp-breakers-small.png|link=]] | + | | width="50%" valign="center" align="center" | [[File:Owasp-breakers-small.png|link=]] |
| |- | | |- |
− | | colspan="2" align="center" | [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License] | + | | colspan="2" align="center" | [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License] |
| |- | | |- |
− | | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] | + | | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] |
| |} | | |} |
| | | |
− | |} | + | |}<div style="font-size:120%;border:none;margin: 0;color:#000"> |
− | | |
− | = Screenshots =
| |
− | [[Image:zap128x128.png|right]]
| |
− | {|
| |
− | |-
| |
− | |
| |
− | [[Image:ZAP-ScreenShotAddAlert.png||400px||ZAP Add Alert Screen Shot]]
| |
− | |
| |
− | [[Image:ZAP-ScreenShotHelp.png||400px|left|ZAP Help Screen Shot]]
| |
− | |-
| |
− | |
| |
− | [[Image:ZAP-ScreenShotHistoryFilter.png|thumb|400px|left|ZAP History Filter Screen Shot]]
| |
− | |
| |
− | [[Image:ZAP-ScreenShotSearchTab.png|thumb|400px|left|ZAP Search Tab Screen Shot]]
| |
− | |}
| |
− | | |
− | = Talks =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | {{:Projects/OWASP Zed Attack Proxy Project/Pages/Talks | Talks}}
| |
− | | |
− | | |
− | </div>
| |
− | = News =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | {{:Projects/OWASP Zed Attack Proxy Project/Pages/News | News}}
| |
− | | |
− | </div>
| |
− | = ZAP Gear =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000"> | |
− | | |
− | Yes, you can now buy ZAP related gear!
| |
− | | |
− | All of the artwork for ZAP swag is released under the Creative Common License and can be downloaded from the [https://github.com/zaproxy/zap-swag zap-swag] repo.
| |
− | | |
− | You can of course use the artwork from this repo with any other online store that you like.
| |
− | | |
− | A range of products can be purchased from [http://www.redbubble.com/people/zaproxy Redbubble]
| |
− | | |
− | Stickers can be purchased from [https://www.stickermule.com/uk/user/1070684077/stickers Stickermule]
| |
− | | |
− | T-shirts can be purchased from [http://www.cafepress.com/zaproxy Cafepress]
| |
− | | |
− | [[Image:zap-tshirt-cp.PNG | link=http://www.cafepress.com/zaproxy]]
| |
− | | |
− | </div>
| |
− | | |
− | = Supporters =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | | |
− | ZAP is developed by a worldwide [https://github.com/zaproxy/zap-core-help/wiki/HelpCredits team] of volunteers.
| |
− | | |
− | But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP:
| |
| | | |
− | * [http://www.mozilla.org Mozilla]
| |
− | * [http://www.linuxfoundation.org/ The Linux Foundation]
| |
− | * [http://www.owasp.org OWASP]
| |
− | * [http://www.sage.co.uk Sage]
| |
− | * [http://www.google.com Google]
| |
− | * [http://www.microsoft.com Microsoft]
| |
− | * [http://www.hacktics.com/ Hacktics, Ernst & Young]
| |
− | * [http://www.dinosec.com/ DinoSec]
| |
− | * [http://www.denimgroup.com Denim Group]
| |
− | * [http://www.aspectsecurity.com/ Aspect Security]
| |
− | * [http://secureideas.net SecureIdeas]
| |
− | * [http://utilisec.com UtiliSec]
| |
− | * [http://www.encription.co.uk/ encription]
| |
− | * [https://www.accenture.com/us-en/digital-index.aspx Accenture Digital]
| |
| </div> | | </div> |
| | | |
− | = Functionality =
| + | __NOTOC__ |
− | [[Image:zap128x128.png|right]]
| + | [[Category:OWASP Project|Zed Attack Proxy Project]] |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | '''Some of ZAP's functionality:'''
| |
− | | |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsIntercept Intercepting Proxy]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsSpider Traditional] and AJAX spiders
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAscan Automated scanner]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsPscan Passive scanner]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsBruteforce Forced browsing]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsFuzz Fuzzer]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsDynsslcert Dynamic SSL certificates]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/SmartCards Smartcard and Client Digital Certificates support]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsWebsocketIntroduction Web sockets] support
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts Support for a wide range of scripting languages]
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki//HelpAddonsPlugnhackPlugnhack Plug-n-Hack support]
| |
− | * Authentication and session support
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsApi Powerful REST based API]
| |
− | * Automatic updating option
| |
− | * [https://github.com/zaproxy/zap-extensions/wiki Integrated and growing marketplace of add-ons]
| |
− | | |
− | </div>
| |
− | = Features =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | '''Some of ZAP's features:'''
| |
− | | |
− | * [http://www.apache.org/licenses/LICENSE-2.0 Open source]
| |
− | * Cross platform (it even runs on a [https://github.com/zaproxy/zaproxy/wiki/zappi Raspberry Pi!])
| |
− | * Easy to install (using a [https://www.ej-technologies.com/products/install4j/overview.html multi-platform installer builder])
| |
− | * Completely free (no paid for 'Pro' version)
| |
− | * Ease of use a priority
| |
− | * [https://github.com/zaproxy/zap-core-help/wiki/HelpIntro Comprehensive help pages]
| |
− | * Fully internationalized
| |
− | * Translated into over 20 languages
| |
− | * Community based, with involvement actively encouraged
| |
− | * Under active development by an international team of volunteers
| |
− | | |
− | ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy].
| |
− | | |
− | </div>
| |
− | | |
− | = Languages =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | | |
− | '''ZAP supports the following languages:'''
| |
− | | |
− | * English
| |
− | * Arabic
| |
− | * Bosnian
| |
− | * Brazilian Portuguese
| |
− | * Chinese
| |
− | * Danish
| |
− | * Filipino
| |
− | * French
| |
− | * German
| |
− | * Greek
| |
− | * Hungarian
| |
− | * Indonesian
| |
− | * Italian
| |
− | * Japanese
| |
− | * Korean
| |
− | * Persian
| |
− | * Polish
| |
− | * Russian
| |
− | * Sinhala
| |
− | * Spanish
| |
− | * Urdu
| |
− | | |
− | You can use [http://crowdin.net/project/owasp-zap Crowdin] to help improve these translations or add new ones right now!
| |
− | | |
− | </div>
| |
− | | |
− | = Roadmap =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | | |
− | ==Release 2.6.0==
| |
− | ZAP 2.6.0 has been released, this is a bug fix and enhancement release
| |
− | | |
− | For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_6_0
| |
− | | |
− | ==Release 2.7.0==
| |
− | ZAP 2.7.0 is planned for around the end of June 2017.
| |
− | | |
− | ==Release 2.8.0==
| |
− | ZAP 2.8.0 is planned for around the end of September 2017.
| |
− | | |
− | ==Release 2.9.0==
| |
− | ZAP 2.9.0 is planned for around the end of December 2017.
| |
− | | |
− | | |
− | </div>
| |
− | | |
− | = Get Involved =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | | |
− | Involvement in the development of ZAP is actively encouraged!
| |
− | | |
− | You do not have to be a security expert in order to contribute.
| |
− | | |
− | Some of the ways you can help:
| |
− | | |
− | ==Feature Requests==
| |
− | | |
− | Please raise new feature requests as enhancement requests here: https://github.com/zaproxy/zaproxy/issues
| |
− | | |
− | If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.
| |
− | | |
− | ==Feedback==
| |
− | | |
− | Please use the [http://groups.google.com/group/zaproxy-users zaproxy-users Google Group] for feedback:
| |
− | * What do like?
| |
− | * What don't you like?
| |
− | * What features could be made easier to use?
| |
− | * How could the help pages be improved?
| |
− | | |
− | ==Log issues==
| |
− | | |
− | Have you had a problem using ZAP?
| |
− | | |
− | If so and its not already been logged then please [https://github.com/zaproxy/zaproxy/issues report it]
| |
− | | |
− | ==Localization==
| |
− | | |
− | Are you fluent in another language? Can you help translate ZAP into that language?
| |
− | | |
− | You can use [http://crowdin.net/project/owasp-zap Crowdin] to do that!
| |
− | | |
− | ==Development==
| |
− | | |
− | If you fancy having a go at adding functionality to ZAP then please get in touch via the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group].
| |
− | | |
− | Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!
| |
− | | |
− | If you actively contribute to ZAP then you will be invited to join the project.
| |
− | | |
− | </div>
| |
− | | |
− | __NOTOC__ <headertabs /> | |
− | | |
− | [[Category:OWASP_Project|Zed Attack Proxy Project]] | |
| [[Category:OWASP_Tool]] | | [[Category:OWASP_Tool]] |
− | [[Category:OWASP_Release_Quality_Tool|OWASP Release Quality Tool]] | + | [[Category:OWASP Release Quality Tool|OWASP Release Quality Tool]] |
| [[Category:OWASP_Download]] | | [[Category:OWASP_Download]] |
| [[Category:Popular]] | | [[Category:Popular]] |
| [[Category:SAMM-ST-2]] | | [[Category:SAMM-ST-2]] |
− | [[Category:Flagship Projects]] | + | [[Category:Flagship Projects|Zap]] |
| + | [[Category:OWASP Zed Attack Proxy|Zap]] |