ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic. It can also run in a daemon mode which is then controlled via a REST-based API.
Stable release | 2.15.0 / 7 May 2024 |
---|---|
Repository | |
Written in | Java |
Operating system | Linux, Windows, macOS |
Available in | 25[1] languages |
Type | Dynamic application security testing |
License | Apache Licence |
Website | www |
History
ZAP was originally forked from Paros, which was developed by Chinotec Technologies Company.[2] Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.[3]
The first release was announced on Bugtraq in September 2010, and ZAP became an OWASP project a few months later.[4][5] In 2023, the ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project.[6][7][8] As of September 24, 2024, all of the main developers joined Checkmarx as employees and ZAP was rebranded as ZAP by Checkmarx.[9]
ZAP was listed in the 2015 InfoWorld Bossie Awards for the best open source networking and security software.[10]
Features
Some of the built-in features include:
- An intercepting proxy server
- Traditional and AJAX web crawlers
- An automated scanner
- A passive scanner
- Forced browsing
- A fuzzer
- WebSocket support
- Scripting languages
- Plug-n-Hack support
Further reading
- Soper, Ryan; N Torres, Nestor; Almoailu, Ahmed (10 March 2023). Zed Attack Proxy Cookbook. Packt Publishing. ISBN 9781801810159.
References
1. "OWASP ZAP". Crowdin.com. Retrieved 3 November 2014.
2. "ZAP – Paros Proxy". zaproxy.org. Retrieved 2024-10-18.
3. Bennetts, Simon (2014). Security Testing for Developers Using OWASP ZAP (Speech). JavaOne San Francisco 2014. Oracle. Event occurs at 23:30. Retrieved 2 June 2015.
4. Wylie, Phillip; Crawley, Kim (2021). The pentester blueprint: starting a career as an ethical hacker (1 ed.). Indianapolis: John Wiley and Sons. p. 75. ISBN 978-1-119-68430-5.
5. "Bugtraq: The Zed Attack Proxy (ZAP) version 1.0.0". bugtraq. Retrieved 2024-10-18.
6. "ZAP Core Team to move to Linux Foundation | OWASP Foundation".
7. "ZAP is Joining the Software Security Project". August 1, 2023.
8. "Welcoming ZAP to the Software Security Project". July 31, 2023.
9. https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/
10. "Bossie Awards 2015: The best open source networking and security software". InfoWorld. Retrieved 2024-10-18.