The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester’s toolbox.
Team is now releasing weekly updates on every Monday. These are not the full releases , like stable one, but to give more enhancements as soon as possible, ZAP team decide to release weekly updates also.
- Completely rewritten ‘traditional’ Spider (c/o Cosmin Stefan and the GSoC)
- New Ajax Spider (using Crawljax, c/o Guifre Ruiz and the GSoC)
- Web sockets support (c/o Robert Koch and the GSoC)
- Performance improvements (both speed and memory)
- Session awareness
- Authentication handling
- Modes (Safe, Protected and Standard)
- Online links in menu