ZAP (Zed Attack Proxy)
Tool and Usage
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.

Introduction
ZAP is an intercepting proxy for web traffic. To test a web application, configure your browser to route its connections to that application through ZAP.
Note: Zed Attack Proxy, or ZAP, is also known as zaproxy.
Usage and audience
This tool is categorized as a web application scanner, web application security scanner, and web application security tool.
ZAP is commonly used for penetration testing, security assessment, software testing, or web application analysis. Target users for this tool are pentesters and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- More than 50 contributors
- More than 2000 GitHub stars
- Many maintainers
- The source code of this software is available
Weaknesses
- Many reported issues are still open
History and highlights
- Demoed at Black Hat Europe 2016
Installation
Supported operating systems
ZAP is known to work on Linux, macOS, and Microsoft Windows.
Project details | |
---|---|
Latest release | 2.7.0 [2017-11-28] |
License | Apache License 2.0 |
Last updated | April 8, 2018 |
Links
- zaproxy GitHub project
- @zaproxy
- zaproxy project website