ZAP (software) explained

ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic. It can also run in a daemon mode which is then controlled via a REST-based API.

History

ZAP was originally forked from Paros which was developed by Chinotec Technologies Company.^[2] Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.^[3]

The first release was announced on Bugtraq in September 2010, and became an OWASP project a few months later.^{[4] [5]} In 2023, ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project.^{[6] [7] [8]} As of September 24, 2024, all of the main developers joined Checkmarx as employees and ZAP was rebranded as ZAP by Checkmarx.^[9]

ZAP was listed in the 2015 InfoWorld Bossie award for The best open source networking and security software.^[10]

Features

Some of the built in features include:

• An intercepting proxy server,
• Traditional and AJAX Web crawlers
• An automated scanner
• A passive scanner
• Forced browsing
• A fuzzer
• WebSocket support
• Scripting languages
• Plug-n-Hack support

See also

• Web application security
• Burp suite
• W3af
• Fiddler (software)

Further reading

• Book: Soper, Ryan . Zed Attack Proxy Cookbook . N Torres . Nestor . Almoailu . Ahmed . 10 March 2023 . . 9781801810159.

External links

• Official website

Notes and References

1. Web site: OWASP ZAP. Crowdin.com. 3 November 2014.
2. Web site: ZAP – Paros Proxy . 2024-10-18 . zaproxy.org.
3. Security Testing for Developers Using OWASP ZAP . 23:30 . Oracle . JavaOne San Francisco 2014 . 2014 . Simon . Bennetts . 2 June 2015.
4. Book: Wylie, Phillip . The pentester blueprint: starting a career as an ethical hacker . Crawley . Kim . Kim Crawley . 2021 . John Wiley and Sons . 978-1-119-68430-5 . 1 . Indianapolis . 75.
5. Web site: Bugtraq: The Zed Attack Proxy (ZAP) version 1.0.0 . 2024-10-18 . . en.
6. Web site: ZAP Core Team to move to Linux Foundation | OWASP Foundation .
7. Web site: August 1, 2023 . ZAP is Joining the Software Security Project .
8. Web site: July 31, 2023 . Welcoming ZAP to the Software Security Project .
9. https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/
10. Web site: Bossie Awards 2015: The best open source networking and security software . 2024-10-18 . InfoWorld . en-US.