|
|
| (204 intermediate revisions by 16 users not shown) |
| Line 1: |
Line 1: |
| − | {{OWASP Builders}}
| + | <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div> |
| − | {{OWASP Breakers}}
| + | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- |
| − | ==== Main ==== | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
| − | [[Image:ZAP-ScreenShotAddAlert.png|thumb|300px|right|ZAP Add Alert Screen Shot]] | + | {{ReviewProject|projectname=zaproxy|language=en}} |
| − | [[Image:ZAP-ScreenShotHelp.png|thumb|300px|right|ZAP Help Screen Shot]]
| + | <div style="font-size:120%;border:none;margin: 0;color:#000"> |
| − | [[Image:ZAP-ScreenShotHistoryFilter.png|thumb|300px|right|ZAP History Filter Screen Shot]]
| + | For more details about ZAP see the new ZAP website at [https://www.zaproxy.org zaproxy.org][[Image:Zap-website.png | link=https://www.zaproxy.org/]] |
| − | [[Image:ZAP-ScreenShotSearchTab.png|thumb|300px|right|ZAP Search Tab Screen Shot]] | |
| | | | |
| − | The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
| + | {{Social Media Links}} |
| | | | |
| − | It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
| + | | style="padding-left:25px;width:200px;" valign="top" | |
| | | | |
| − | ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
| + | == Quick Download == |
| | | | |
| − | [[Image:ZAP-Download.png | | + | [https://github.com/zaproxy/zaproxy/wiki/Downloads Download OWASP ZAP!] |
| − | link=http://code.google.com/p/zaproxy/downloads/list]]
| |
| | | | |
| − | '''The current version of ZAP is [http://code.google.com/p/zaproxy/wiki/HelpReleases1_3_4 1.3.4].'''
| + | == Donate to ZAP == |
| | | | |
| − | Want a very quick introduction? See the [http://www.owasp.org/images/e/e3/OWASP_ZAP_Flyer.pdf project pamphlet].
| + | <div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation |
| | + | |target=_blank |
| | + | |budget=Zed Attack Proxy }} |
| | + | </div> |
| | | | |
| − | For a slightly longer introduction see the [http://www.owasp.org/images/c/c8/Conference_Style_slides_for_ZAP.ppt project presentation].
| + | == News and Events == |
| | + | Please see the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#News News] and [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#Talks Talks] tabs |
| | | | |
| − | For video introductions to ZAP see the links on the [https://code.google.com/p/zaproxy/wiki/Videos wiki videos page].
| + | == Change Log == |
| | + | * [https://github.com/zaproxy/zaproxy/commits/develop zaproxy] |
| | + | * [https://github.com/zaproxy/zap-extensions/commits/master zap-extensions] |
| | | | |
| − | '''For more details about ZAP, including the full user guide, see the [https://code.google.com/p/zaproxy/wiki/Introduction wiki].'''
| + | == Code Repo == |
| | + | * [https://github.com/zaproxy/zaproxy/ zaproxy] |
| | + | * [https://github.com/zaproxy/zap-extensions/ zap-extensions] |
| | | | |
| − | <paypal>Zed Attack Proxy</paypal>
| + | == Email List == |
| | | | |
| − | '''Some of ZAP's features:'''
| + | Questions? Please ask on the [http://groups.google.com/group/zaproxy-users ZAP User Group] |
| | | | |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsIntercept Intercepting Proxy]
| + | == Project Leader == |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsAscan Automated scanner]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsPscan Passive scanner]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsBruteforce Brute Force scanner]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsSpider Spider]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsFuzz Fuzzer]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsPortscan Port scanner]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpUiDialogsOptionsDynsslcert Dynamic SSL certificates]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsApi API]
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpUiDialogsBeanshell Beanshell integration]
| |
| | | | |
| − | '''Some of ZAP's characteristics:'''
| + | Project Leader<br />[https: //www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:[email protected] @] |
| | | | |
| − | * Easy to install (just requires java 1.6)
| + | Co-Project Leaders<br />[https://www.owasp.org/index.php/User:Ricardo.Pereira Ricardo Pereira] [mailto:ricardo.pereira@owasp.org @] |
| − | * Ease of use a priority
| |
| − | * [http://code.google.com/p/zaproxy/wiki/HelpIntro Comprehensive help pages]
| |
| − | * Fully internationalized
| |
| − | * Under active development
| |
| − | * [http://www.apache.org/licenses/LICENSE-2.0 Open source]
| |
| − | * Free (no paid for 'Pro' version)
| |
| − | * Cross platform
| |
| − | * Involvement actively encouraged
| |
| | | | |
| − | '''It supports the following languages:'''
| + | [https: //www.owasp.org/index.php/User:Rick.mitchell Rick Mitchell] [mailto:[email protected] @] |
| | | | |
| − | * English
| + | == Related Projects == |
| − | * Brazilian Portuguese
| |
| − | * Chinese
| |
| − | * Danish
| |
| − | * French
| |
| − | * German
| |
| − | * Greek
| |
| − | * Indonesian
| |
| − | * Japanese
| |
| − | * Polish
| |
| − | * Spanish
| |
| | | | |
| − | ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy].
| + | * [https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project OWASP WTE] |
| | + | * [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF] |
| | | | |
| − | ==== Roadmap ==== | + | == Open Hub Stats == |
| | | | |
| − | Details of previous releases can be found [http://code.google.com/p/zaproxy/wiki/HelpReleasesReleases here]
| + | *https://www.openhub.net/p/zaproxy |
| | | | |
| − | ==Release 1.3.4== | + | ==Classifications== |
| − | Version [http://code.google.com/p/zaproxy/wiki/HelpReleases1_3_4 1.3.4] has just been released, which is the third bugfix release of the 1.3.x branch.
| |
| | | | |
| − | Compared to previous releases, the 1.3.x branch adds the following main features:
| + | {| width="200" cellpadding="2" |
| − | * Fuzzing (using components from [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz])
| + | |- |
| − | * Dynamic SSL Certificates
| + | | rowspan="2" width="50%" valign="top" align="center" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]] |
| − | * Daemon mode and API to allow other tools to interact with ZAP
| + | | width="50%" valign="center" align="center" | [[File:Owasp-builders-small.png|link=]] |
| − | * [http://www.beanshell.org/home.html BeanShell] integration
| + | | |
| − | * Full internationalization
| + | |- |
| − | * Out of the box support for 10 languages
| + | | width="50%" valign="center" align="center" | [[File:Owasp-breakers-small.png|link=]] |
| | + | |- |
| | + | | colspan="2" align="center" | [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License] |
| | + | |- |
| | + | | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] |
| | + | |} |
| | | | |
| − | ==Release 1.4== | + | |}<div style="font-size:120%;border:none;margin: 0;color:#000"> |
| − | The next major release will focus on stability and scanning (spider, passive and active).
| |
| | | | |
| − | Candidate enhancements and fixes are flagged as high priority on the [https://code.google.com/p/zaproxy/issues/list?can=2&q=priority=High issues page].
| + | </div> |
| | | | |
| − | Follow this [https://groups.google.com/d/topic/zaproxy-develop/cH7hhfRc6gs/discussion thread] on the developers newsgroup for more information, and please post any feedback you have.
| + | __NOTOC__ |
| − | | + | [[Category:OWASP Project|Zed Attack Proxy Project]] |
| − | ==Future Releases==
| + | [[Category:OWASP_Tool]] |
| − | | + | [[Category:OWASP Release Quality Tool|OWASP Release Quality Tool]] |
| − | Future releases are likely to include:
| + | [[Category:OWASP_Download]] |
| − | * Fuzzing analysis
| + | [[Category:Popular]] |
| − | * API extensions
| + | [[Category:SAMM-ST-2]] |
| − | * Enhancements and fixes logged on the [https://code.google.com/p/zaproxy/issues/list issues page]
| + | [[Category:Flagship Projects|Zap]] |
| − | | + | [[Category:OWASP Zed Attack Proxy|Zap]] |
| − | ====Get Involved====
| |
| − | | |
| − | Involvement in the development of ZAP is actively encouraged!
| |
| − | | |
| − | You do not have to be a security expert in order to contribute.
| |
| − | | |
| − | Some of the ways you can help:
| |
| − | | |
| − | ==Feature Requests==
| |
| − | | |
| − | Please raise new feature requests as enhancement requests here: http://code.google.com/p/zaproxy/issues/list
| |
| − | | |
| − | If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.
| |
| − | | |
| − | ==Feedback==
| |
| − | | |
| − | Please use the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group] for feadback:
| |
| − | * What do like?
| |
| − | * What dont you like?
| |
| − | * What features could be made easier to use?
| |
| − | * How could the help pages be improved?
| |
| − | | |
| − | ==Log issues==
| |
| − | | |
| − | Have you had a problem using ZAP?
| |
| − | | |
| − | If so and its not already been logged then please [http://code.google.com/p/zaproxy/issues/list report it]
| |
| − | | |
| − | ==Localization==
| |
| − | | |
| − | Are you fluent in another language? Can you help translate ZAP into that language?
| |
| − | | |
| − | If so then please get in touch.
| |
| − | | |
| − | ==Development==
| |
| − | | |
| − | If you fancy having a go at adding functionality to ZAP then please get in touch via the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group].
| |
| − | | |
| − | Again, you do not have to be a security expect to contribute code - working on ZAP could be great way to learn more about web application security!
| |
| − | | |
| − | If you actively contribute to ZAP then you will be invited to join the project.
| |
| − | | |
| − | | |
| − | <!---- ==== Project About ====
| |
| − | {{:GPC_Project_Details/OWASP_ZAP | OWASP Project Identification Tab}} --->
| |
| − | | |
| − | ==== Project About ====
| |
| − | {{:Projects/OWASP Zed Attack Proxy Project | Project About}}
| |
| − | | |
| − | | |
| − | __NOTOC__ <headertabs />
| |
| − | | |
| − | [[Category:OWASP_Project|Zed Attack Proxy Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Release_Quality_Tool|OWASP Release Quality Tool]] [[Category:OWASP_Download]] | |
