OWASP ZAP 2.4

Free. It can help you automatically find security vulnerabilities in your web apps.

Rating: 4.8
Latest version: 2.5
Developer: OWASP
Software Informer Editor Rating: 5

OWASP ZAP (Zed Attack Proxy) is a powerful tool meant to help web developers and IT security professionals find security vulnerabilities in web applications, either automatically through a series of scanners or manually through classic penetration testing methods.

As you've probably already figured out, OWASP ZAP is not a tool for casual users. It's meant to be used by functional testers, web developers, and other people with enough experience in penetration testing or at least in general IT security. Even so, its interface is intuitive and self-explanatory, which is quite surprising considering that OWASP ZAP is also a comprehensive and feature-rich tool. For example, it can be used as an accurate intercepting proxy that lets you view the requests made to a web app and their responses, including AJAX calls. By setting breakpoints, one can even control these requests and responses live as they happen. Another cool feature of this powerful tool is that it provides multiple “spiders” (tools that discover new resources, i.e. URLs, on a specific website), including one that supports AJAX. There are also both passive and active scanners that look for potential vulnerabilities by using known attacks against the selected target, as well as a “fuzzer” that lets you submit a large amount of invalid or unexpected data to a target to test its reaction. These are just a few of the many features, functions and built-in tools that OWASP ZAP provides. And the best thing about it is that it's an open source tool that can be used and modified freely by anyone.

It's also easy to install, as it only requires Java, and impressively effective, as it's a community-based utility that resulted from the collaboration of brilliant minds.

Margie Smeer, Senior editor

Review summary

Pros

  • Comprehensive help files
  • Open source
  • Powerful and feature-rich

Cons

  • Requires Java
