The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
Some of the built in features include: Intercepting proxy server, Traditional and AJAX Web crawlers, Automated scanner, Passive scanner, Forced browsing, Fuzzer, WebSocket support, Scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. The GUI control panel is easy to use, and the API functions make it ideal for automation testing and continuous assessments in a SDLC.
- Web Application
- Web API Security
- Vulnerability assessment
Black Hat sessions
ToolsWatch Annual Best Free/Open Source Security Tool Survey:
Mozilla \ Simon Bennetts - https://github.com/psiinon