OWASP ZAP
ZAP (short for Zed Attack Proxy), formerly known as OWASP ZAP, is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.
| Stable release | 2.14.0
/ 12 October 2023 |
|---|---|
| Repository | |
| Written in | Java |
| Operating system | Linux, Windows, OS X |
| Available in | 25 languages |
| Type | Computer security |
| License | Apache Licence |
| Website | www |
It has been one of the most active Open Worldwide Application Security Project (OWASP) projects and has been given Flagship status.
When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using HTTPS.
It can also run in a daemon mode which is then controlled via a REST API.
ZAP was added to the ThoughtWorks Technology Radar on May 30, 2015 in the Trial ring.
ZAP was originally forked from Paros, another pentesting proxy. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.
As of August 1, 2023, the ZAP development team announced that ZAP was leaving the OWASP Foundation to join The Software Security Project, as a founding project and henceforth will be simply called ZAP.
The OWASP Foundation announced this departure on the following day.