The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Features
Intercepting proxy
Automated scanner
Passive scanner
Spider
Next Release
The next release of OWASP ZAP, planned for later this year, is expected to include:
OWASP rebranding
Improvements to the passive and active automated scanners
Improvements the Spider
The addition a basic port scanner
The ability to brute force files and directories (using components from DirBuster)
ZAP is actually a fork from Paros Proxy.
You can download ZAP v1.0 here:
Cross Platform – ZAP_1.0.0b_installation.tar.gz
Windows Installer – ZAP_1.0.0_installer.exe
Tuesday, June 14, 2011
OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing
0 comments:
Post a Comment