OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended for both newcomers to application security and professional penetration testers. It is one of the most active Open Web Application Security Project (OWASP) projects and has been given Flagship status. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using HTTPS. It can also run in a daemon mode, which is then controlled via a REST API. ZAP was added to the ThoughtWorks Technology Radar on May 30, 2015 in the Trial ring. ZAP was originally forked from Paros, another pentesting proxy. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.
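The daemon mode mentioned above is what makes ZAP usable from a CI pipeline: the scanner runs headless and a script reads its findings over the REST API. The following is an added example, not code from the article or from the ZAP project; the endpoint path, the X-ZAP-API-Key header and the alert JSON shape are the editor's assumptions about the ZAP API, and the sample response is constructed.

```python
"""Summarize alerts reported by a ZAP daemon over its REST API.

Added example; not code from the original article or from the ZAP project. The
endpoint path, the X-ZAP-API-Key header and the alert JSON shape follow the ZAP
API as the editor knows it and are assumptions. SAMPLE_RESPONSE is constructed.
"""
import json
import urllib.parse
import urllib.request
from collections import Counter

# Risk levels ZAP assigns to alerts, highest first (assumed from the ZAP API).
RISK_ORDER = ("High", "Medium", "Low", "Informational")


def fetch_alerts(zap_base: str, api_key: str, target: str) -> dict:
    """Fetch alerts for `target` from a running daemon (network call, not used by tests)."""
    url = f"{zap_base}/JSON/core/view/alerts/?baseurl={urllib.parse.quote(target, safe='')}"
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_alerts(payload: dict, fail_on: str = "High") -> dict:
    """Count alerts per risk level and decide whether a CI gate should fail.

    Any alert at or above `fail_on` fails the gate, so a pipeline driving ZAP in
    daemon mode can block a deploy on serious findings instead of eyeballing a report.
    """
    alerts = payload.get("alerts", [])
    counts = Counter(a.get("risk", "Informational") for a in alerts)
    threshold = RISK_ORDER.index(fail_on)
    failing = sum(counts[r] for r in RISK_ORDER[: threshold + 1])
    # Distinct alert names de-duplicate the many URLs a single issue type can hit.
    issues = sorted({a["alert"] for a in alerts if a.get("alert")})
    return {"counts": {r: counts[r] for r in RISK_ORDER},
            "gate_failed": failing > 0, "issues": issues}


# Constructed sample in the shape of a core/view/alerts response.
SAMPLE_RESPONSE = {"alerts": [
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High", "url": "http://app.example/search?q=1"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://app.example/"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://app.example/login"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low", "url": "http://app.example/login"},
]}

if __name__ == "__main__":
    print(json.dumps(summarize_alerts(SAMPLE_RESPONSE), indent=2))
```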


Features

Some of the built-in features include:
* An intercepting proxy server
* Traditional and AJAX web crawlers
* An automated scanner
* A passive scanner
* Forced browsing
* A fuzzer
* WebSocket support
* Scripting languages
* Plug-n-Hack support

It has a plugin-based architecture and an online 'marketplace' which allows new or updated features to be added. The GUI control panel has been described as easy to use.


Awards

* One of the OWASP tools referred to in the 2015 Bossie award for "The best open source networking and security software"
* Second place in the Top Security Tools of 2014 as voted by ToolsWatch.org readers
* Top Security Tool of 2013 as voted by ToolsWatch.org readers
* Toolsmith Tool of the Year for 2011


See also

* Web application security
* Burp Suite
* w3af
* Fiddler (software)



