The OWASP Zed Attack Proxy (ZAP) is an easy-to-use penetration testing tool for finding vulnerabilities in web applications.
It is designed for people with a wide range of security experience, so it is ideal for developers and security researchers who are new to penetration testing, as well as a useful addition to an experienced tester's toolbox.
ZAP provides automated scanners as well as a set of tools that allow you to detect security vulnerabilities manually.
Some of the features of ZAP:
- Open source
- Cross-platform
- Easy to install
- Completely free
- Easy to use
- Contains help pages
- Translated into 12 languages
- Growing rapidly, thanks to a large group of volunteers
Some of ZAP's functionality:
- Intercepting Proxy
- Traditional and AJAX spiders
- Automatic scanners
- Passive scanners
- Forced browsing
- Fuzzer
- Dynamic SSL certificates
- Smartcard and client digital certificate support
- WebSocket support
- Support for a wide range of scripting languages
- Plug-n-Hack support
- Authentication and session support
- Powerful REST based API
- Automatic update option
- Integrated and growing marketplace of add-ons
You will find a guide on how to use ZAP here.
You can download the program from here.
