OWASP ZAP
www.zaproxy.org
1
Leaving SiteNav
External Link Disclaimer
You are about to visit www.zaproxy.org. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
OWASP ZAP (Zed Attack Proxy) is a free, open source web application security scanner maintained by the OWASP Foundation, recognized as one of the most popular security testing tools worldwide. As an integrated penetration testing tool, ZAP helps developers and security professionals automatically discover security vulnerabilities throughout the application development lifecycle, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other common web security flaws. ZAP provides multiple scanning modes including active scanning, passive scanning, and automated API scanning, with support for intercepting proxies, fuzzing, scripting, and other advanced capabilities. The tool is completely free and open source with an active global community of contributors, supporting CI/CD pipeline integration for embedding security testing into continuous integration workflows. ZAP suits users ranging from security beginners to professional penetration testers, offering extensive documentation and training resources. As a flagship OWASP project, it has earned over 12,000 stars on GitHub and has become a standard tool in web application security testing, widely used by thousands of enterprises and organizations globally including major financial institutions, government agencies, and technology companies that rely on it for regular security assessments and compliance audits.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike