561:
306:
66:
123:
25:
245:
804:
519:
It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. The GUI control panel has been described as easy to use.
447:
ZAP was originally forked from Paros, another pentesting proxy. Simon
Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.
782:
916:
566:
911:
82:
434:
224:
206:
104:
52:
144:
137:
75:
848:
826:
402:
926:
921:
431:
753:
871:
739:
285:
187:
319:
259:
159:
849:"ToolsWatch.org – The Hackers Arsenal Tools Portal » 2013 Top Security Tools as Voted by ToolsWatch.org Readers"
827:"ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers"
405:. It is intended to be used by both those new to application security as well as professional penetration testers.
38:
133:
166:
667:
574:
450:
As of August 1, 2023, the ZAP development team announced that ZAP was leaving the OWASP Foundation to join
173:
689:
155:
399:
539:
tools referred to in the 2015 Bossie award for The best open source networking and security software
419:
it allows the user to manipulate all of the traffic that passes through it, including traffic using
354:
589:
510:
481:
427:
767:
359:
645:
366:
326:
715:
305:
690:"TECHNOLOGY RADAR Our thoughts on the technology and trends that are shaping the future"
523:
371:
180:
86:
81:
It may require cleanup to comply with
Knowledge (XXG)'s content policies, particularly
44:
609:
905:
474:
441:
416:
542:
Second place in the Top
Security Tools of 2014 as voted by ToolsWatch.org readers
484:
408:
It has been one of the most active Open
Worldwide Application Security Project (
122:
783:"Automated Security Testing Web Applications Using OWASP Zed Attack Proxy test"
579:
556:
504:
805:"Bossie Awards 2015: The best open source networking and security software"
623:
499:
451:
335:
244:
294:
720:(Speech). JavaOne San Francisco 2014. Oracle. Event occurs at 23:30
461:
The OWASP Foundation announced this departure on the following day.
768:"ZAP Core Team to move to Linux Foundation | OWASP Foundation"
536:
420:
409:
331:
398:(short for Zed Attack Proxy), formerly known as OWASP ZAP, is an
584:
339:
454:, as a founding project and henceforth will be simply called
116:
59:
18:
872:"HolisticInfoSec: 2011 Toolsmith Tool of the Year: OWASP ZAP"
545:
Top
Security Tool of 2013 as voted by ToolsWatch.org readers
896:
382:
74:
A major contributor to this article appears to have a
524:
https://www.zaproxy.org/docs/desktop/start/features/
444:
Technology Radar on May 30, 2015 in the Trial ring.
377:
365:
353:
345:
325:
315:
284:
258:
522:An extensive list of all features can be found on
754:"Welcoming ZAP to the Software Security Project"
717:Security Testing for Developers Using OWASP ZAP
646:"Open Web Application Security Project (OWASP)"
412:) projects and has been given Flagship status.
740:"ZAP is Joining the Software Security Project"
8:
237:
16:Open-source web application security scanner
53:Learn how and when to remove these messages
304:
243:
236:
225:Learn how and when to remove this message
207:Learn how and when to remove this message
105:Learn how and when to remove this message
601:
469:Some of the built in features include:
143:Please improve this article by adding
7:
567:Free and open-source software portal
430:mode which is then controlled via a
548:Toolsmith Tool of the Year for 2011
781:Marcel Birkner (28 October 2013).
14:
34:This article has multiple issues.
559:
403:web application security scanner
265:2.14.0 / 12 October 2023
121:
85:. Please discuss further on the
64:
23:
803:InfoWorld (16 September 2015).
42:or discuss these issues on the
874:. Holisticinfosec.blogspot.com
1:
452:The Software Security Project
145:secondary or tertiary sources
917:Cross-platform free software
870:Russ McRee (February 2012).
943:
912:Computer security software
668:"OWASP Project Inventory"
280:
254:
242:
714:Bennetts, Simon (2014).
575:Web application security
267:; 11 months ago
927:Java platform software
922:Free security software
132:relies excessively on
440:ZAP was added to the
426:It can also run in a
83:neutral point of view
489:An automated scanner
515:Plug-n-Hack support
511:Scripting languages
239:
695:. Thoughtworks.com
590:Fiddler (software)
249:"Zed Attack Proxy"
742:. August 1, 2023.
492:A passive scanner
393:
392:
360:Computer security
235:
234:
227:
217:
216:
209:
191:
115:
114:
107:
78:with its subject.
57:
934:
897:Official website
884:
883:
881:
879:
867:
861:
860:
858:
856:
851:. Toolswatch.org
845:
839:
838:
836:
834:
829:. Toolswatch.org
823:
817:
816:
814:
812:
800:
794:
793:
791:
789:
778:
772:
771:
764:
758:
757:
756:. July 31, 2023.
750:
744:
743:
736:
730:
729:
727:
725:
711:
705:
704:
702:
700:
694:
686:
680:
679:
677:
675:
664:
658:
657:
655:
653:
642:
636:
635:
633:
631:
620:
614:
613:
606:
569:
564:
563:
562:
480:Traditional and
473:An intercepting
389:
386:
384:
327:Operating system
308:
303:
300:
298:
296:
275:
273:
268:
247:
240:
230:
223:
212:
205:
201:
198:
192:
190:
149:
125:
117:
110:
103:
99:
96:
90:
76:close connection
68:
67:
60:
49:
27:
26:
19:
942:
941:
937:
936:
935:
933:
932:
931:
902:
901:
893:
888:
887:
877:
875:
869:
868:
864:
854:
852:
847:
846:
842:
832:
830:
825:
824:
820:
810:
808:
807:. Infoworld.com
802:
801:
797:
787:
785:
780:
779:
775:
766:
765:
761:
752:
751:
747:
738:
737:
733:
723:
721:
713:
712:
708:
698:
696:
692:
688:
687:
683:
673:
671:
666:
665:
661:
651:
649:
644:
643:
639:
629:
627:
622:
621:
617:
612:. 12 July 2023.
608:
607:
603:
598:
565:
560:
558:
555:
532:
495:Forced browsing
467:
415:When used as a
381:
311:
293:
276:
271:
269:
266:
250:
231:
220:
219:
218:
213:
202:
196:
193:
150:
148:
142:
138:primary sources
126:
111:
100:
94:
91:
80:
69:
65:
28:
24:
17:
12:
11:
5:
940:
938:
930:
929:
924:
919:
914:
904:
903:
900:
899:
892:
891:External links
889:
886:
885:
862:
840:
818:
795:
773:
759:
745:
731:
706:
681:
659:
637:
615:
600:
599:
597:
594:
593:
592:
587:
582:
577:
571:
570:
554:
551:
550:
549:
546:
543:
540:
531:
528:
517:
516:
513:
508:
502:
496:
493:
490:
487:
478:
466:
463:
391:
390:
379:
375:
374:
372:Apache Licence
369:
363:
362:
357:
351:
350:
347:
343:
342:
329:
323:
322:
317:
313:
312:
310:
309:
290:
288:
282:
281:
278:
277:
264:
262:
260:Stable release
256:
255:
252:
251:
248:
233:
232:
215:
214:
129:
127:
120:
113:
112:
72:
70:
63:
58:
32:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
939:
928:
925:
923:
920:
918:
915:
913:
910:
909:
907:
898:
895:
894:
890:
873:
866:
863:
850:
844:
841:
828:
822:
819:
806:
799:
796:
784:
777:
774:
769:
763:
760:
755:
749:
746:
741:
735:
732:
719:
718:
710:
707:
691:
685:
682:
669:
663:
660:
648:. Openhub.net
647:
641:
638:
626:. Crowdin.com
625:
619:
616:
611:
605:
602:
595:
591:
588:
586:
583:
581:
578:
576:
573:
572:
568:
557:
552:
547:
544:
541:
538:
534:
533:
529:
527:
525:
520:
514:
512:
509:
506:
503:
501:
497:
494:
491:
488:
486:
483:
479:
476:
472:
471:
470:
464:
462:
459:
457:
453:
448:
445:
443:
438:
436:
433:
429:
424:
422:
418:
413:
411:
406:
404:
401:
397:
388:
380:
376:
373:
370:
368:
364:
361:
358:
356:
352:
348:
344:
341:
337:
333:
330:
328:
324:
321:
318:
314:
307:
302:
292:
291:
289:
287:
283:
279:
263:
261:
257:
253:
246:
241:
229:
226:
211:
208:
200:
197:November 2015
189:
186:
182:
179:
175:
172:
168:
165:
161:
158: –
157:
153:
152:Find sources:
146:
140:
139:
135:
130:This article
128:
124:
119:
118:
109:
106:
98:
95:November 2015
88:
84:
79:
77:
71:
62:
61:
56:
54:
47:
46:
41:
40:
35:
30:
21:
20:
876:. Retrieved
865:
853:. Retrieved
843:
831:. Retrieved
821:
811:21 September
809:. Retrieved
798:
786:. Retrieved
776:
762:
748:
734:
722:. Retrieved
716:
709:
697:. Retrieved
684:
674:14 September
672:. Retrieved
662:
650:. Retrieved
640:
628:. Retrieved
618:
610:"Zap 2.14.0"
604:
521:
518:
485:Web crawlers
475:proxy server
468:
460:
455:
449:
446:
442:ThoughtWorks
439:
425:
417:proxy server
414:
407:
395:
394:
349:25 languages
346:Available in
221:
203:
194:
184:
177:
170:
163:
151:
131:
101:
92:
73:
50:
43:
37:
36:Please help
33:
788:22 November
670:. Owasp.org
624:"OWASP ZAP"
535:One of the
400:open-source
156:"OWASP ZAP"
906:Categories
878:3 November
855:3 November
833:16 January
652:3 November
630:3 November
596:References
580:Burp suite
316:Written in
286:Repository
272:2023-10-12
167:newspapers
134:references
39:improve it
505:WebSocket
87:talk page
45:talk page
553:See also
465:Features
385:.zaproxy
301:/zaproxy
299:/zaproxy
507:support
378:Website
367:License
336:Windows
270: (
181:scholar
724:2 June
530:Awards
500:fuzzer
428:daemon
295:github
183:
176:
169:
162:
154:
699:6 May
693:(PDF)
537:OWASP
421:HTTPS
410:OWASP
332:Linux
188:JSTOR
174:books
880:2014
857:2014
835:2015
813:2015
790:2016
726:2015
701:2015
676:2023
654:2014
632:2014
585:W3af
482:AJAX
432:REST
387:.org
355:Type
340:OS X
320:Java
297:.com
160:news
456:ZAP
435:API
396:ZAP
383:www
238:ZAP
136:to
908::
526:.
498:A
458:.
437:.
423:.
338:,
334:,
147:.
48:.
882:.
859:.
837:.
815:.
792:.
770:.
728:.
703:.
678:.
656:.
634:.
477:,
274:)
228:)
222:(
210:)
204:(
199:)
195:(
185:·
178:·
171:·
164:·
141:.
108:)
102:(
97:)
93:(
89:.
55:)
51:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
