OWASP ZAP explained

ZAP
Latest Release Version: 2.14.0[1]
Operating System: Linux, Windows, OS X
Genre: Computer security
License: Apache Licence
Language Count: 25[2]
Programming Language: Java

ZAP (short for Zed Attack Proxy), formerly known as OWASP ZAP, is an open-source web application security scanner. It is intended for use both by those new to application security and by professional penetration testers.

It has been one of the most active Open Worldwide Application Security Project (OWASP) projects[3] and has been given Flagship status.[4]

When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using HTTPS.

It can also run in a daemon mode which is then controlled via a REST API.

ZAP was added to the ThoughtWorks Technology Radar on May 30, 2015 in the Trial ring.[5]

ZAP was originally forked from Paros, another pentesting proxy. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.[6]

On August 1, 2023, the ZAP development team announced that ZAP was leaving the OWASP Foundation to join The Software Security Project as a founding project,[7][8] and that it would henceforth be called simply ZAP.

The OWASP Foundation announced this departure on the following day.[9]

Features

Some of the built-in features include:

It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. The GUI control panel has been described as easy to use.[10]

An extensive list of all features can be found on https://www.zaproxy.org/docs/desktop/start/features/.


Notes and References

  1. Zap 2.14.0. 12 July 2023.
  2. OWASP ZAP. Crowdin.com. 3 November 2014.
  3. Open Web Application Security Project (OWASP). Openhub.net. 3 November 2014.
  4. OWASP Project Inventory. Owasp.org. 14 September 2023.
  5. Technology Radar: Our thoughts on the technology and trends that are shaping the future. Thoughtworks.com. 6 May 2015.
  6. Simon Bennetts. Security Testing for Developers Using OWASP ZAP. 23:30. Oracle. JavaOne San Francisco 2014. 2014. 2 June 2015.
  7. ZAP is Joining the Software Security Project. August 1, 2023.
  8. Welcoming ZAP to the Software Security Project. July 31, 2023.
  9. ZAP Core Team to move to Linux Foundation | OWASP Foundation.
  10. Marcel Birkner. Automated Security Testing Web Applications Using OWASP Zed Attack Proxy test. 28 October 2013. 22 November 2016.
  11. Bossie Awards 2015: The best open source networking and security software. InfoWorld. 16 September 2015. Infoworld.com. 21 September 2015.
  12. ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers. Toolswatch.org. 16 January 2015.
  13. ToolsWatch.org – The Hackers Arsenal Tools Portal » 2013 Top Security Tools as Voted by ToolsWatch.org Readers. Toolswatch.org. 3 November 2014.
  14. Russ McRee. HolisticInfoSec: 2011 Toolsmith Tool of the Year: OWASP ZAP. February 2012. Holisticinfosec.blogspot.com. 3 November 2014.