Stable release | 2.15.0 / 7 May 2024 |
---|---|
Repository | |
Written in | Java |
Operating system | Linux, Windows, macOS |
Available in | 25 languages |
Type | Dynamic application security testing |
License | Apache License |
Website | www |
ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server, it allows the user to manipulate all of the traffic that passes through it, including HTTPS-encrypted traffic. It can also run in a daemon mode, in which it is controlled via a REST-based API.
History
ZAP was originally forked from Paros, which was developed by Chinotec Technologies Company. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.
The first release was announced on Bugtraq in September 2010, and ZAP became an OWASP project a few months later. In 2023, the ZAP developers moved to the Linux Foundation, where they became part of the Software Security Project. As of September 24, 2024, all of the main developers had joined Checkmarx as employees, and ZAP was rebranded as ZAP by Checkmarx.
ZAP was listed in the 2015 InfoWorld Bossie Awards among the best open source networking and security software.
Features
Some of the built-in features include:
- An intercepting proxy server
- Traditional and AJAX Web crawlers
- An automated scanner
- A passive scanner
- Forced browsing
- A fuzzer
- WebSocket support
- Scripting languages
- Plug-n-Hack support
Further reading
- Soper, Ryan; N Torres, Nestor; Almoailu, Ahmed (10 March 2023). Zed Attack Proxy Cookbook. Packt Publishing. ISBN 9781801810159.