(136 intermediate revisions by 12 users not shown) |
Line 1: |
Line 1: |
− | {{Social Media Links}}
| + | <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div> |
− | = Main = | + | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- |
− | [[Image:zap128x128.png|right]] | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
| + | {{ReviewProject|projectname=zaproxy|language=en}} |
| <div style="font-size:120%;border:none;margin: 0;color:#000"> | | <div style="font-size:120%;border:none;margin: 0;color:#000"> |
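Review bot: In the added banner `<div>`, the style attribute reads `border:0,margin:0;overflow: hidden;`, with a comma where a semicolon is needed between `border:0` and `margin:0`. A browser parses `0,margin:0` as an invalid value for `border` and drops the whole declaration, so neither the border nor the margin is set. Change it to `border:0;margin:0;overflow: hidden;`.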
− | The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
| + | For more details about ZAP see the new ZAP website at [https://www.zaproxy.org zaproxy.org][[Image:Zap-website.png | link=https://www.zaproxy.org/]] |
| | | |
− | It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
| + | {{Social Media Links}} |
− | | |
− | ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
| |
− | | |
− | ''' Want to help us make ZAP even better for you? '''
| |
− | | |
− | ''' Just fill in the ZAP User Questionnaire which is available in [https://docs.google.com/forms/d/1lUPTYHe9CS5tropNStoRK9jVeZ7tWRywhBHDIZjE4cA/viewform English], [https://docs.google.com/forms/d/1JhUdp4cxZ3qRayYWz3JHOLSP7DPdBI-zgnFzDWxbX5A/viewform French] and [https://docs.google.com/forms/d/1xAKE3TCOaBrmFnyAVUr6NdTd3mKvu7g_uGriOcS2Ka4/viewform Spanish]! '''
| |
− | | |
− | You can view the responses so far (which are separate for each languages) here: [https://docs.google.com/forms/d/1lUPTYHe9CS5tropNStoRK9jVeZ7tWRywhBHDIZjE4cA/viewanalytics English], [https://docs.google.com/forms/d/1JhUdp4cxZ3qRayYWz3JHOLSP7DPdBI-zgnFzDWxbX5A/viewanalytics French], [https://docs.google.com/forms/d/1xAKE3TCOaBrmFnyAVUr6NdTd3mKvu7g_uGriOcS2Ka4/viewanalytics Spanish]
| |
| | | |
− | [[Image:ZAP-Download.png | link=http://code.google.com/p/zaproxy/downloads/list]]
| + | | style="padding-left:25px;width:200px;" valign="top" | |
| | | |
− | '''ZAP 2.2.0 is available via the above link!'''
| + | == Quick Download == |
| | | |
− | '''For more details about 2.2.0 see the [http://code.google.com/p/zaproxy/wiki/HelpReleases2_2_0 release notes]'''
| + | [https://github.com/zaproxy/zaproxy/wiki/Downloads Download OWASP ZAP!] |
| | | |
− | You can also get cross platform [http://code.google.com/p/zaproxy/wiki/WeeklyReleases weekly releases] which include all of the latest changes.
| + | == Donate to ZAP == |
| | | |
− | For a quick overview of ZAP and an introduction to version 2.0.0 see these tutorial videos on YouTube:
| + | <div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation |
− | | + | |target=_blank |
− | {{#ev:youtube|eH0RBI0nmww}} {{#ev:youtube|a-lJafBdAeM}}
| + | |budget=Zed Attack Proxy }} |
− | | |
− | For more videos see the links on the [https://code.google.com/p/zaproxy/wiki/Videos wiki videos page].
| |
− | | |
− | Want a very quick introduction? See the [https://www.owasp.org/index.php/File:owasp_zap_flyer_v2.pdf project pamphlet].
| |
− | | |
− | For a slightly longer introduction see the [http://www.owasp.org/images/c/c8/Conference_Style_slides_for_ZAP.ppt project presentation].
| |
− | | |
− | For more details about ZAP, including the full user guide, see the [https://code.google.com/p/zaproxy/wiki/Introduction wiki].
| |
− | | |
− | <paypal>Zed Attack Proxy</paypal>
| |
| </div> | | </div> |
| | | |
− | = Screenshots = | + | == News and Events == |
− | [[Image:zap128x128.png|right]] | + | Please see the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#News News] and [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#Talks Talks] tabs |
− | {|
| |
− | |-
| |
− | |
| |
− | [[Image:ZAP-ScreenShotAddAlert.png||400px||ZAP Add Alert Screen Shot]]
| |
− | |
| |
− | [[Image:ZAP-ScreenShotHelp.png||400px|left|ZAP Help Screen Shot]]
| |
− | |-
| |
− | |
| |
− | [[Image:ZAP-ScreenShotHistoryFilter.png|thumb|400px|left|ZAP History Filter Screen Shot]]
| |
− | |
| |
− | [[Image:ZAP-ScreenShotSearchTab.png|thumb|400px|left|ZAP Search Tab Screen Shot]]
| |
− | |}
| |
| | | |
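Review bot: The added News and Events line links to `OWASP_Zed_Attack_Proxy_Project#News` and `#Talks` and calls them tabs, but this same revision removes the `= News =` and `= Talks =` sections and the `<headertabs />` tag further down. If this is that page, both anchors no longer resolve to anything. Either keep those sections or point the links at wherever the news and talks content now lives.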
− | = Talks = | + | == Change Log == |
− | [[Image:zap128x128.png|right]] | + | * [https://github.com/zaproxy/zaproxy/commits/develop zaproxy] |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| + | * [https://github.com/zaproxy/zap-extensions/commits/master zap-extensions] |
− | '''Upcoming Talks:'''
| |
| | | |
| + | == Code Repo == |
| + | * [https://github.com/zaproxy/zaproxy/ zaproxy] |
| + | * [https://github.com/zaproxy/zap-extensions/ zap-extensions] |
| | | |
− | '''2013 August 23: AppSec EU Hamburg [http://sched.appsec.eu/event/827cfea8e84949a358f8baaab2cb8879#.UfYkt03ehrc Simon Bennetts: ZAP Innovations]'''
| + | == Email List == |
| | | |
− | The Zed Attack Proxy is one of the most popular OWASP projects, and has an enthusiastic developer community which encourages participation.
| + | Questions? Please ask on the [http://groups.google.com/group/zaproxy-users ZAP User Group] |
| | | |
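Review bot: The added ZAP User Group link uses `http://groups.google.com/group/zaproxy-users`, while the other links added in this revision (zaproxy.org, GitHub, owasp.org, openhub.net) use https. Switch it to https so the first request does not go out in plaintext. The Apache licence link added in the Classifications table has the same issue.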
− | There are many new developments in progress that will provide functionality currently unavailable in other security tools.
| + | == Project Leader == |
| | | |
− | In this session Simon will give a quick introduction for newcomers to ZAP, and then dive into the new changes
| + | Project Leader<br />[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:[email protected] @] |
| | | |
| + | Co-Project Leaders<br />[https://www.owasp.org/index.php/User:Ricardo.Pereira Ricardo Pereira] [mailto:[email protected] @] |
| | | |
− | '''2013 November 20: AppSec USA New York [https://owasp.confex.com/owasp/appsecusa13/webprogram/Session1153.html Simon Bennetts: Zed Attack Proxy]'''
| + | [https://www.owasp.org/index.php/User:Rick.mitchell Rick Mitchell] [mailto:rick.mitchell+wiki@owasp.org @] |
| | | |
− | The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects.
| + | == Related Projects == |
| | | |
− | It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.
| + | * [https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project OWASP WTE] |
| + | * [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF] |
| | | |
− | This talk will focus on the latest changes to ZAP and the plans for it’s future.
| + | == Open Hub Stats == |
| | | |
− | Due to the growing number of people working on ZAP, and the fact that there are 5 ZAP related Google Summer of Code 2013 projects, the content of the talk will be announced closer to the conference date.
| + | *https://www.openhub.net/p/zaproxy |
| | | |
| + | ==Classifications== |
| | | |
− | </div>
| + | {| width="200" cellpadding="2" |
− | = News = | + | |- |
− | [[Image:zap128x128.png|right]]
| + | | rowspan="2" width="50%" valign="top" align="center" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]] |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| + | | width="50%" valign="center" align="center" | [[File:Owasp-builders-small.png|link=]] |
− | '''Latest News:'''
| + | | |
− | * 2013/09/11 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases2_2_0 2.2.0] released
| + | |- |
− | * 2013/07/29 New language file including support for Bosnian
| + | | width="50%" valign="center" align="center" | [[File:Owasp-breakers-small.png|link=]] |
− | * 2013/06/17 ZAP user questionnaire launched, now in both [https://docs.google.com/forms/d/1lUPTYHe9CS5tropNStoRK9jVeZ7tWRywhBHDIZjE4cA/viewform English] and [https://docs.google.com/forms/d/1xAKE3TCOaBrmFnyAVUr6NdTd3mKvu7g_uGriOcS2Ka4/viewform Spanish]
| + | |- |
− | * 2013/06/05 ZAP questions can now be asked on [https://irc.lc/mozilla/websectools/zapuser??? irc]
| + | | colspan="2" align="center" | [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License] |
− | * 2013/05/10 5 ZAP related projects accepted for [http://code.google.com/p/zaproxy/wiki/GSoC2013 Google Summer of Code]
| + | |- |
− | * 2013/04/18 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases2_1_0 2.1.0] released
| + | | colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] |
− | * 2013/01/30 Version [http://owasp.blogspot.co.uk/2013/01/owasp-zed-attack-proxy-v-200.html 2.0.0] released
| + | |} |
− | * 2012/11/27 Started a new [http://code.google.com/p/zaproxy-test/ zaproxy-test] project of unit and integrations tests
| |
− | * 2012/10/29 Adopted [http://crowdin.net/project/owasp-zap Crowdin] for translations
| |
− | * 2012/10/22 Started generating [http://code.google.com/p/zaproxy/wiki/WeeklyReleases weekly releases]
| |
− | * 2012/10/12 ZAP Overview tutorial [http://www.youtube.com/watch?v=eH0RBI0nmww video] published
| |
− | * 2012/09/18 [http://www.cafepress.com/zaproxy ZAP Gear Store] goes live
| |
− | * 2012/08/05 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases1_4_1 1.4.1] released
| |
− | * 2012/07/08 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases1_4_0 1.4.0.1] downloaded over 15,000 times
| |
− | * 2012/07/05 [http://code.google.com/p/zaproxy/wiki/ApiPython Python API] released
| |
− | * 2012/06/15 ZAP accepted for the [[Projects_Reboot_2012|OWASP Project Reboot]]
| |
− | * 2012/06/13 Using ZAP for Security Regression tests [http://www.youtube.com/watch?v=ZWSLFHpg1So video] published
| |
− | * 2012/06/04 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases1_4_0 1.4.0.1] downloaded over 10,000 times
| |
− | * 2012/05/28 Simon's Introduction to ZAP talk at App Sec USA becomes the most watched OWASP video on [http://vimeo.com/owasp/videos/sort:plays vimeo]
| |
− | * 2012/04/23 3 ZAP related [http://code.google.com/p/zaproxy/wiki/GSoC2012 Google Summer of Code 2012] projects accepted. To find out how these are progressing please see their [http://code.google.com/p/zaproxy/wiki/GSoC2012 wiki pages].
| |
− | * 2012/04/23 OWASP ZAP [http://code.google.com/p/zaproxy/wiki/SmartCards SmartCard Project] officially launched.
| |
− | * 2012/04/08 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases1_4_0 1.4.0.1] released
| |
− | * 2012/02/10 Version [http://code.google.com/p/zaproxy/wiki/HelpReleases1_3_4 1.3.4] downloaded over 10,000 times
| |
− | * 2012/02/01 OWASP ZAP is named the [http://holisticinfosec.blogspot.com/2012/02/2011-toolsmith-tool-of-year-owasp-zap.html Toolsmith Tool of the Year for 2011!]
| |
| | | |
− | </div>
| + | |}<div style="font-size:120%;border:none;margin: 0;color:#000"> |
− | = ZAP Gear =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | | |
− | Yes, you can now buy ZAP related gear!
| |
− | | |
− | Its your chance to show your support for the project, c/o `CafePress`.
| |
− | | |
− | Click on the tshirt to enter the [http://www.cafepress.com/zaproxy ZAP Gear Store]:
| |
− | | |
− | [[Image:zap-tshirt-cp.PNG | link=http://www.cafepress.com/zaproxy]]
| |
− | | |
− | </div>
| |
− | = Sponsors =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000"> | |
− | | |
− | ZAP is developed by a worldwide [http://code.google.com/p/zaproxy/people/list team] of volunteers.
| |
− | | |
− | But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP:
| |
− | | |
− | * [http://www.owasp.org OWASP]
| |
− | * [http://www.mozilla.org Mozilla]
| |
− | * [http://www.sage.co.uk Sage]
| |
− | * [http://www.google.com Google]
| |
− | * [http://www.microsoft.com Microsoft]
| |
− | * [http://www.hacktics.com/ Hacktics, Ernst & Young]
| |
− | * [http://www.taddong.com/ Taddong]
| |
− | * [http://www.denimgroup.com Denim Group]
| |
− | * [http://secureideas.net SecureIdeas]
| |
− | * [http://utilisec.com UtiliSec]
| |
− | * [http://www.encription.co.uk/ encription]
| |
− | </div>
| |
− | = Functionality =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | '''Some of ZAP's functionality:'''
| |
− | | |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsIntercept Intercepting Proxy]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsSpider Traditional] and AJAX spiders
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsAscan Automated scanner]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsPscan Passive scanner]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsBruteforce Forced browsing]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsFuzz Fuzzer]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpUiDialogsOptionsDynsslcert Dynamic SSL certificates]
| |
− | * [http://code.google.com/p/zaproxy/wiki/SmartCards Smartcard and Client Digital Certificates support]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpAddonsWebsocketIntroduction Web sockets] support
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpAddonsScriptsScripts Support for a wide range of scripting languages]
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpAddonsPlugnhackPlugnhack Plug-n-Hack support]
| |
− | * Authentication and session support
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpStartConceptsApi Powerful REST based API]
| |
− | * Automatic updating option
| |
− | * [https://code.google.com/p/zap-extensions/ Integrated and growing marketplace of add-ons]
| |
| | | |
| </div> | | </div> |
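Review bot: The `<div style="font-size:120%;border:none;margin: 0;color:#000">` added directly after the table close `|}` has no content, because every line between it and this closing `</div>` is removed in this revision. Drop both the opening tag and the `</div>` rather than leaving an empty styled block at the end of the page.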
− | = Features =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | '''Some of ZAP's features:'''
| |
− |
| |
− | * [http://www.apache.org/licenses/LICENSE-2.0 Open source]
| |
− | * Cross platform
| |
− | * Easy to install (just requires java 1.7)
| |
− | * Completely free (no paid for 'Pro' version)
| |
− | * Ease of use a priority
| |
− | * [http://code.google.com/p/zaproxy/wiki/HelpIntro Comprehensive help pages]
| |
− | * Fully internationalized
| |
− | * Translated into a dozen languages
| |
− | * Community based, with involvement actively encouraged
| |
− | * Under active development by an international team of volunteers
| |
− |
| |
− | ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy].
| |
− |
| |
− | </div>
| |
− | = Languages =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− |
| |
− | '''ZAP supports the following languages:'''
| |
− |
| |
− | * English
| |
− | * Arabic
| |
− | * Bosnian
| |
− | * Brazilian Portuguese
| |
− | * Chinese
| |
− | * Danish
| |
− | * Filipino
| |
− | * French
| |
− | * German
| |
− | * Greek
| |
− | * Indonesian
| |
− | * Italian
| |
− | * Japanese
| |
− | * Korean
| |
− | * Persian
| |
− | * Polish
| |
− | * Russian
| |
− | * Sinhala
| |
− | * Spanish
| |
− | * Urdu
| |
− |
| |
− | You can use [http://crowdin.net/project/owasp-zap Crowdin] to help improve these translations or add new ones right now!
| |
− |
| |
− | </div>
| |
− | = Roadmap =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− |
| |
− | ==Release 2.2.0==
| |
− | ZAP 2.2.0 has been released, which includes:
| |
− | * Support for scripts embedded in ZAP components like the active and passive scanners.
| |
− | * Support for [https://blog.mozilla.org/security/2013/08/22/plug-n-hack/ Plug-n-Hack]
| |
− | * Support for [https://developer.mozilla.org/en-US/docs/zest Mozilla Zest]
| |
− | * Changes to support the 5 [http://code.google.com/p/zaproxy/wiki/GSoC2013 Google Summer of Code 2013] projects.
| |
− |
| |
− | For more details see http://code.google.com/p/zaproxy/wiki/HelpReleases2_2_0
| |
− |
| |
− | ==Release 2.3.0==
| |
− |
| |
− | The next release has not been scheduled yet.
| |
− |
| |
− | Please fill in the User Questionnaire linked off the first tab - this will help us prioritize features for future releases.
| |
− |
| |
− | </div>
| |
− | = Get Involved =
| |
− | [[Image:zap128x128.png|right]]
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− |
| |
− | Involvement in the development of ZAP is actively encouraged!
| |
− |
| |
− | You do not have to be a security expert in order to contribute.
| |
− |
| |
− | Some of the ways you can help:
| |
− |
| |
− | ==Feature Requests==
| |
− |
| |
− | Please raise new feature requests as enhancement requests here: http://code.google.com/p/zaproxy/issues/list
| |
− |
| |
− | If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.
| |
− |
| |
− | ==Feedback==
| |
− |
| |
− | Please use the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group] for feedback:
| |
− | * What do like?
| |
− | * What don't you like?
| |
− | * What features could be made easier to use?
| |
− | * How could the help pages be improved?
| |
− |
| |
− | ==Log issues==
| |
− |
| |
− | Have you had a problem using ZAP?
| |
− |
| |
− | If so and its not already been logged then please [http://code.google.com/p/zaproxy/issues/list report it]
| |
− |
| |
− | ==Localization==
| |
− |
| |
− | Are you fluent in another language? Can you help translate ZAP into that language?
| |
− |
| |
− | You can use [http://crowdin.net/project/owasp-zap Crowdin] to do that!
| |
− |
| |
− | ==Development==
| |
− |
| |
− | If you fancy having a go at adding functionality to ZAP then please get in touch via the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group].
| |
− |
| |
− | Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!
| |
− |
| |
− | If you actively contribute to ZAP then you will be invited to join the project.
| |
− |
| |
− | </div>
| |
− | = Project About =
| |
− | <div style="font-size:120%;border:none;margin: 0;color:#000">
| |
− | [[Image:zap128x128.png|right]]
| |
− | {{:Projects/OWASP Zed Attack Proxy Project | Project About}}
| |
− |
| |
− |
| |
− | __NOTOC__ <headertabs />
| |
| | | |
− | [[Category:OWASP_Project|Zed Attack Proxy Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Release_Quality_Tool|OWASP Release Quality Tool]] [[Category:OWASP_Download]] | + | __NOTOC__ |
| + | [[Category:OWASP Project|Zed Attack Proxy Project]] |
| + | [[Category:OWASP_Tool]] |
| + | [[Category:OWASP Release Quality Tool|OWASP Release Quality Tool]] |
| + | [[Category:OWASP_Download]] |
| + | [[Category:Popular]] |
| + | [[Category:SAMM-ST-2]] |
| + | [[Category:Flagship Projects|Zap]] |
| + | [[Category:OWASP Zed Attack Proxy|Zap]] |