ZAP

ZAP, or Zed Attack Proxy, is an open-source web application security testing tool maintained by the Open Web Application Security Project (OWASP). It is designed to help developers and testers find security vulnerabilities in web applications during development and testing cycles. ZAP functions as a man-in-the-middle proxy, allowing users to observe and alter traffic between a browser and a target application, and to instrument requests for testing.

Key features include an intercepting proxy, an automated scanner, passive vulnerability assessment, and an active vulnerability scanner. It also provides a spider for crawling applications, a fuzzing component, authentication support, and reporting tools. ZAP can be extended with a marketplace of add-ons and supports a programmable API for automation and integration with CI/CD pipelines. It supports scripting and customization through languages such as Java and Python, enabling custom scanners and workflows.

The tool is cross-platform and written in Java, available with a graphical user interface as well as a headless mode suitable for automated tests. It offers a REST-like API and a variety of integrations with build systems, IDEs, and test frameworks. Typical usage includes identifying common web vulnerabilities such as injection flaws, cross-site scripting, and insecure misconfigurations, in a controlled, ethical security assessment.

As an OWASP project, ZAP is released under the Apache License 2.0 and benefits from an active community of contributors and users. Documentation, tutorials, and plugin extensions are maintained on the official ZAP website.
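The API and CI/CD integration mentioned above can be illustrated with a small pipeline gate. The following is an added example, not code from the ZAP project or its documentation: it builds ZAP REST URLs, drives the spider and active scan against a target you have authorization to test, pulls the alert list, and fails the build when any alert meets a chosen risk level. It assumes a ZAP daemon already listening on 127.0.0.1:8080 (for example started with `zap.sh -daemon -port 8080 -config api.key=<key>`); the host, port, API key and target are placeholders read from environment variables, and `SAMPLE_ALERTS` is a constructed stand-in for a real response so the gating logic can be exercised offline.

```python
"""CI gate on ZAP alerts (added example; assumes a ZAP daemon on ZAP_BASE)."""
import json
import os
import time
import urllib.parse
import urllib.request

# Assumed deployment values; override via the environment in a real pipeline.
ZAP_BASE = os.environ.get("ZAP_BASE", "http://127.0.0.1:8080")
ZAP_API_KEY = os.environ.get("ZAP_API_KEY", "REPLACE_WITH_YOUR_API_KEY")  # placeholder

# ZAP reports alert risk as one of these strings; order them for thresholding.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def api_url(component, kind, name, **params):
    """Build a ZAP REST URL of the form /JSON/<component>/<view|action>/<name>/?..."""
    query = urllib.parse.urlencode({"apikey": ZAP_API_KEY, **params})
    return f"{ZAP_BASE}/JSON/{component}/{kind}/{name}/?{query}"


def call(component, kind, name, **params):
    """GET a ZAP API endpoint and decode its JSON body."""
    with urllib.request.urlopen(api_url(component, kind, name, **params)) as resp:
        return json.load(resp)


def wait_for(component, scan_id, poll_seconds=2):
    """Poll <component>/view/status until ZAP reports the scan at 100 percent."""
    while int(call(component, "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(poll_seconds)


def run_scan(target):
    """Spider the target, then run the active scanner, then return the alerts."""
    wait_for("spider", call("spider", "action", "scan", url=target)["scan"])
    wait_for("ascan", call("ascan", "action", "scan", url=target)["scan"])
    return call("core", "view", "alerts", baseurl=target)["alerts"]


def summarize(alerts):
    """Count alerts per risk level; unknown levels are reported as Informational."""
    counts = {risk: 0 for risk in RISK_ORDER}
    for alert in alerts:
        risk = alert.get("risk") if alert.get("risk") in RISK_ORDER else "Informational"
        counts[risk] += 1
    return counts


def gate(alerts, fail_on="Medium"):
    """Return (passed, offending) where offending alerts are at or above fail_on."""
    threshold = RISK_ORDER[fail_on]
    offending = [a for a in alerts if RISK_ORDER.get(a.get("risk"), 0) >= threshold]
    return not offending, offending


# Constructed sample in the shape of ZAP's core/view/alerts output (not real scan data).
SAMPLE_ALERTS = [
    {"pluginId": "40018", "alert": "SQL Injection", "risk": "High",
     "confidence": "Medium", "url": "http://app.example/search?q=x", "param": "q"},
    {"pluginId": "10020", "alert": "Missing Anti-clickjacking Header", "risk": "Medium",
     "confidence": "Medium", "url": "http://app.example/", "param": "x-frame-options"},
    {"pluginId": "10010", "alert": "Cookie No HttpOnly Flag", "risk": "Low",
     "confidence": "Medium", "url": "http://app.example/login", "param": "session"},
    {"pluginId": "10027", "alert": "Information Disclosure - Suspicious Comments",
     "risk": "Informational", "confidence": "Low", "url": "http://app.example/app.js"},
]


def main():
    target = os.environ.get("ZAP_TARGET")  # URL you are authorized to assess
    alerts = run_scan(target) if target else SAMPLE_ALERTS
    passed, offending = gate(alerts, fail_on=os.environ.get("ZAP_FAIL_ON", "Medium"))
    print("alert counts by risk:", summarize(alerts))
    for a in offending:
        print(f"  [{a['risk']}] {a['alert']} (rule {a['pluginId']}) at {a['url']}")
    return 0 if passed else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Without `ZAP_TARGET` the script evaluates the constructed sample and exits non-zero because one High and one Medium alert meet the default `Medium` threshold; in a pipeline, set `ZAP_FAIL_ON=High` to fail only on High-risk findings while still printing the full risk breakdown for the job log.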