OWASP Zed Attack Proxy Project
The Zed Attack Proxy (ZAP) is an easy to use
integrated penetration testing tool for
finding vulnerabilities in web applications.
It is designed to be used by people with a
wide range of security experience and as
such is ideal for developers and functional
testers who are new to penetration testing.
ZAP provides automated scanners as well as a
set of tools that allow you to find security
vulnerabilities manually
Some of ZAP’s features:
Intercepting Proxy
Automated scanner
Passive scanner
Brute Force scanner
Spider
Fuzzer
Port scanner
Dynamic SSL certificates
API
Beanshell integration
Some of ZAP’s characteristics:
Easy to install (just requires java 1.6)
Ease of use a priority
Comprehensive help pages
Fully internationalized
Under active development
Open source
Free (no paid for ‘Pro’ version)
Cross platform
Involvement actively encouraged
No comments:
Post a Comment