ZAP (Zed Attack Proxy)


Tool and Usage

The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.



ZAP is an intercepting proxy for web traffic. To use it, configure your browser to connect through ZAP to the web application you wish to test.

Note: Zed Attack Proxy, or ZAP, is also known as zaproxy.

Usage and audience

This tool is categorized as a web application scanner, web application security scanner, and web application security tool.

ZAP is commonly used for penetration testing, security assessment, software testing, or web application analysis. Target users for this tool are pentesters and security professionals.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 50 contributors
  • + More than 2000 GitHub stars
  • + Many maintainers
  • + The source code of this software is available


  • - Many reported issues are still open

History and highlights

  • Demoed at Black Hat Europe 2016

Author and Maintainers

ZAP is under development by Simon Bennetts. This project is currently maintained by Goran Sarenkapa, Ricardo Pereira, Rick Mitchell, Sherif Mansour, and Simon Bennetts.


Supported operating systems

ZAP is known to work on Linux, macOS, and Microsoft Windows.

Project details

Latest release: 2.7.0 [2017-11-28]
License: Apache License 2.0
Last updated: April 8, 2018



GitHub: zaproxy GitHub project
Twitter: @zaproxy
Website: zaproxy project website
