Difference between revisions of "OWASP Zed Attack Proxy Project"

Revision as of 23:45, 21 June 2019

The OWASP Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.

ZAP 2.8.0 is now available!

Getting Started

Getting Started Guide (pdf) - an introductory guide
Tutorial Videos - a collection of tutorial videos
User Guide - online version of the User Guide included with ZAP

Features

Some of ZAP's functionality:

Man-in-the-middle Proxy
Traditional and AJAX spiders
Automated scanner
Passive scanner
Forced browsing
Fuzzer
Dynamic SSL certificates
Smartcard and Client Digital Certificates support
Web sockets support
Support for a wide range of scripting languages
Plug-n-Hack support
Authentication and session support
Powerful REST based API
Automatic updating option
Integrated and growing marketplace of add-ons

Why use ZAP?

Open source
Cross platform (it even runs on a Raspberry Pi!)
Easy to install (using a multi-platform installer builder)
Completely free (no paid for 'Pro' version)
Ease of use a priority
Comprehensive help pages
Fully internationalized
Translated into over 20 languages
Community based, with involvement actively encouraged
Under active development by an international team of volunteers
ZAP is a fork of the well regarded Paros Proxy

Supported Languages

English
Arabic
Bosnian
Brazilian Portuguese
Chinese
Danish
Filipino
French
German
Greek
Hungarian
Indonesian
Italian
Japanese
Korean
Persian
Polish
Russian
Sinhala
Spanish
Urdu

You can use Crowdin to help improve these translations or add new ones right now!

Awards & Acknowledgements

ToolsWatch Annual Best Free/Open Source Security Tool Survey:

2016 2nd
2015 1st
2014 2nd
2013 1st

Share this:

Donate to ZAP

Download

Packaged Distributions

Docker Images

Weekly Release

Source & Docs

Support & Collaboration

Feedback

Mailing List

Project Leader

Simon Bennetts @

Co-Project Leaders

Ricardo Pereira @

Rick Mitchell @

@@ Line 2: / Line 2: @@
 <div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div>
 {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
-| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |<blockquote>ZAP 2.8.0 is now available! [[Image:ZAP-Download.png | link=https://github.com/zaproxy/zaproxy/wiki/Downloads]]</blockquote>[[Image:zap128x128.png|right]]
+| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |<blockquote></blockquote>[[Image:zap128x128.png|right]]
 == The OWASP Zed Attack Proxy (ZAP) ==
 <div style="font-size:120%;border:none;margin: 0;color:#000">
-The Owasp Zed Attack Proxy (ZAP)
+The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers[[#Justification|*]]. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
-The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers[[#Justification|*]]. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
+<blockquote>'''ZAP 2.8.0 is now available! [[Image:ZAP-Download.png | link=https://github.com/zaproxy/zaproxy/wiki/Downloads]]'''</blockquote>
 {|
 |-
@@ Line 22: / Line 22: @@
 == Features ==
-<gallery>
+'''Some of ZAP's functionality:'''
-ZAP-ScreenShotAddAlert.png
-ZAP-ScreenShotHelp.png
-ZAP-ScreenShotHistoryFilter.png
-ZAP-ScreenShotSearchTab.png
-</gallery>'''Some of ZAP's functionality:'''
 * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsIntercept Man-in-the-middle Proxy]
 * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsSpider Traditional] and AJAX spiders
@@ Line 42: / Line 37: @@
 * [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsApi Powerful REST based API]
 * Automatic updating option
-* [https://github.com/zaproxy/zap-extensions/wiki Integrated and growing marketplace of add-ons]
+* [https://github.com/zaproxy/zap-extensions/wiki Integrated and growing marketplace of add-ons]<gallery>
+ZAP-ScreenShotAddAlert.png
+ZAP-ScreenShotHelp.png
+ZAP-ScreenShotHistoryFilter.png
+ZAP-ScreenShotSearchTab.png
+</gallery>
-'''Some of ZAP's features:'''
+'''Why use ZAP?'''
 * [http://www.apache.org/licenses/LICENSE-2.0 Open source]
 * Cross platform (it even runs on a [https://github.com/zaproxy/zaproxy/wiki/zappi Raspberry Pi!])
@@ Line 55: / Line 55: @@
 * Community based, with involvement actively encouraged
 * Under active development by an international team of volunteers
+* ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy]
 '''Supported Languages'''
@@ Line 80: / Line 81: @@
 You can use [http://crowdin.net/project/owasp-zap Crowdin] to help improve these translations or add new ones right now!
-ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy].
 == Awards & Acknowledgements ==
@@ Line 91: / Line 90: @@
 * 2013 [http://www.toolswatch.org/2013/12/2013-top-security-tools-as-voted-by-toolswatch-org-readers/ 1st]
-Interested in a ZAP talk or training event? See the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Talks talks] tab. Not one near you? Contact a [https://github.com/zaproxy/zaproxy/wiki/ZapEvangelists Zap Evangelist] to arrange one!
+*<div style="font-size:120%;border:none;margin: 0;color:#000">
-To learn more about ZAP development:
-* [https://groups.google.com/group/zaproxy-develop Developer Group] - ask questions about the ZAP internals
-* [https://crowdin.com/project/owasp-zap Crowdin (GUI)] - help translate the ZAP GUI
-* [https://crowdin.com/project/owasp-zap-help Crowdin (User Guide)] - help translate the ZAP User Guide
-* [https://www.openhub.net/p/zaproxy OpenHub]	- FOSS analytics
-* [https://www.bountysource.com/teams/zap/issues BountySource] - Vote on ZAP issues (you can also donate money here, but 10% taken out<div style="font-size:120%;border:none;margin: 0;color:#000">
 <div style="font-size:120%;border:none;margin: 0;color:#000">{{Social Media Links}}
@@ Line 186: / Line 178: @@
 If you actively contribute to ZAP then you will be invited to join the project.
+* [https://groups.google.com/group/zaproxy-develop Developer Group] - ask questions about the ZAP internals
+* [https://crowdin.com/project/owasp-zap Crowdin (GUI)] - help translate the ZAP GUI
+* [https://crowdin.com/project/owasp-zap-help Crowdin (User Guide)] - help translate the ZAP User Guide
+* [https://www.openhub.net/p/zaproxy OpenHub]	- FOSS analytics
+* [https://www.bountysource.com/teams/zap/issues BountySource] - Vote on ZAP issues (you can also donate money here, but 10% taken out
 === Localization ===

Difference between revisions of "OWASP Zed Attack Proxy Project"

Revision as of 23:45, 21 June 2019

The OWASP Zed Attack Proxy (ZAP)

Getting Started

Features

Awards & Acknowledgements

Donate to ZAP

Download

Source & Docs

Source

Docs

Change Log

Support & Collaboration

Project Leader

Project Leader

Co-Project Leaders

Navigation menu

Search