
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing them. It’s also a great tool for experienced pentesters to use for manual security testing.

Some of the built-in features include: intercepting proxy server, traditional and AJAX web crawlers, automated scanner, passive scanner, forced browsing, fuzzer, WebSocket support, scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. The GUI control panel is easy to use, and the API functions make it ideal for automation testing and continuous assessments in an SDLC.


  • Web Application
  • Pentest
  • Web API Security
  • Vulnerability assessment

Black Hat sessions

Black Hat Arsenal USA, Black Hat Arsenal EU, Black Hat Arsenal USA


ToolsWatch Annual Best Free/Open Source Security Tool Survey:

1st, 2nd, 1st, 2nd


Lead Developer

Mozilla \ Simon Bennetts -

Social Media