OWASP ZAP
 | This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
 "Zed Attack Proxy" | |
| Stable release | 2.14.0[1]
/ 12 October 2023 |
|---|---|
| Repository | |
| Written in | Apache Licence |
| Website | www |
ZAP (short for Zed Attack Proxy), formerly known as OWASP ZAP, is an
It has been one of the most active Open Worldwide Application Security Project (OWASP) projects[3] and has been given Flagship status.[4]
When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using HTTPS.
It can also run in a
ZAP was added to the
ZAP was originally forked from Paros, another pentesting proxy. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.[6]
As of August 1, 2023, the ZAP development team announced that ZAP was leaving the OWASP Foundation to join The Software Security Project, as a founding project [7][8] and henceforth will be simply called ZAP.
The OWASP Foundation announced this departure on the following day.[9]
Features
Some of the built in features include:
- An intercepting proxy server,
- Traditional and AJAX Web crawlers
- An automated scanner
- A passive scanner
- Forced browsing
- A fuzzer
- WebSocket support
- Scripting languages
- Plug-n-Hack support
It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. The GUI control panel has been described as easy to use.[10]
An extensive list of all features can be found on https://www.zaproxy.org/docs/desktop/start/features/.
Awards
- One of the OWASP tools referred to in the 2015 Bossie award for The best open source networking and security software[11]
- Second place in the Top Security Tools of 2014 as voted by ToolsWatch.org readers[12]
- Top Security Tool of 2013 as voted by ToolsWatch.org readers[13]
- Toolsmith Tool of the Year for 2011[14]
See also
- Web application security
- Burp suite
- W3af
- Fiddler (software)
References
- ^ "Zap 2.14.0". 12 July 2023.
- ^ "OWASP ZAP". Crowdin.com. Retrieved 3 November 2014.
- ^ "Open Web Application Security Project (OWASP)". Openhub.net. Retrieved 3 November 2014.
- ^ "OWASP Project Inventory". Owasp.org. Retrieved 14 September 2023.
- ^ "TECHNOLOGY RADAR Our thoughts on the technology and trends that are shaping the future" (PDF). Thoughtworks.com. Retrieved 6 May 2015.
- ^ Bennetts, Simon (2014). Security Testing for Developers Using OWASP ZAP (Speech). JavaOne San Francisco 2014. Oracle. Event occurs at 23:30. Retrieved 2 June 2015.
- ^ "ZAP is Joining the Software Security Project". August 1, 2023.
- ^ "Welcoming ZAP to the Software Security Project". July 31, 2023.
- ^ "ZAP Core Team to move to Linux Foundation | OWASP Foundation".
- ^ Marcel Birkner (28 October 2013). "Automated Security Testing Web Applications Using OWASP Zed Attack Proxy test". Retrieved 22 November 2016.
- ^ InfoWorld (16 September 2015). "Bossie Awards 2015: The best open source networking and security software". Infoworld.com. Retrieved 21 September 2015.
- ^ "ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers". Toolswatch.org. Retrieved 16 January 2015.
- ^ "ToolsWatch.org – The Hackers Arsenal Tools Portal » 2013 Top Security Tools as Voted by ToolsWatch.org Readers". Toolswatch.org. Retrieved 3 November 2014.
- ^ Russ McRee (February 2012). "HolisticInfoSec: 2011 Toolsmith Tool of the Year: OWASP ZAP". Holisticinfosec.blogspot.com. Retrieved 3 November 2014.