OWASP Zed Attack Proxy (ZAP) – Web Application Pentest Tool

0
0

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

OWASP Zed Attack Proxy (ZAP) - Web Application Pentest Tool

OWASP Zed Attack Proxy (ZAP) – Web Application Pentest Tool

You can use this tool to run several mode of web attack such as Man-in-the-middle proxy so you will be able to find the request you send with the full response from the web server, automated scanner which allow security tester to crawl and actively scan the target, passive scanning which will make the scan without changing in the request or response of the web server and there is also the Spider functionality which is very useful to identify any linked URL on your target next it will add it to the scanner list. this for example social media profiles published or any external links that may allow attacker to use it on the next round of attack.

Some of ZAP’s features are:

  • Open source
  • Cross platform (it even runs on a Raspberry Pi!)
  • Easy to install (using a multi-platform installer builder)
  • Completely free (no paid for ‘Pro’ version)
  • Ease of use a priority
  • Comprehensive help pages
  • Fully internationalized
  • Translated into over 20 languages
  • Community based, with involvement actively encouraged
  • Under active development by an international team of volunteers

OWASP Zed Attack Proxy support websocket scanning and it will be possible to add it on your regression environment using tools like Selenium and there is also plugin for Jenkin if you want to integrate your security check with the CI build phase.

You can read and download this tool over here: https://github.com/zaproxy/zaproxy

Share