The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester’s toolbox.

Team is now releasing weekly updates on every Monday. These are not the full releases , like stable one, but to give more enhancements as soon as possible, ZAP team decide to release weekly updates also.

The following new features are included in weekly releases:
  • Completely rewritten ‘traditional’ Spider (c/o Cosmin Stefan and the GSoC)
  • New Ajax Spider (using Crawljax, c/o Guifre Ruiz and the GSoC)
  • Web sockets support (c/o Robert Koch and the GSoC)
  • Performance improvements (both speed and memory)
  • Session awareness
  • Authentication handling
  • Contexts
  • Modes (Safe, Protected and Standard)
  • Online links in menu

   Download