The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
For more general information about ZAP go to the ZAP home page
We are in the process of migrating ZAP from Google Code.
- zap-extensions migrated to https://github.com/zaproxy/zap-extensions
- ZAP core help migrated to https://github.com/zaproxy/zap-core-help
- Permissions removed from the Google Code repo
- ZAP wiki moved to https://github.com/zaproxy/zaproxy/wiki
- The source code and issues have also been migrated
- Still to do - lots of tidying up of links ;)
More details on this ZAP Developer Group thread