OWASP Zed Attack Proxy (ZAP) is an easy-to-use penetration testing tool for finding vulnerabilities in web applications.
It is designed for use by people with a wide range of security experience and is therefore ideal for developers and security researchers new to penetration testing, as well as a useful addition to the toolbox of an experienced security tester.
ZAP provides automated scanners as well as a set of tools that allow you to detect security vulnerabilities manually.
Some of the characteristics of ZAP:
- Open source
- Cross-platform
- Easy to install
- Completely free
- Easy to use
- Contains help pages
- Translated into 12 languages
- Rapidly developed by a large team of volunteers
Some of the functions of ZAP:
- Intercepting Proxy
- Traditional and AJAX spiders
- Automatic scanners
- Passive scanners
- Forced browsing
- Fuzzer
- Dynamic SSL certificates
- Smartcard and Client Digital Certificate support
- Web sockets support
- Support for a wide range of scripting languages
- Plug-n-Hack support
- Authentication and session support
- Powerful REST based API
- Automatic update option
- Integrated and growing marketplace of add-ons
You will find a guide on how to operate ZAP here
You can download the program from here