OWASP ZAP 1.4.0
The Open Web Application SecurityProject or OWASP ZAP 1.4.0 is now available for download.
The Zed Attack Proxy (ZAP) is a penetration testing tool, very easy to use, suitable in finding vulnerabilities in web applications.
It was designed to be accesible to users with a broader range of security experience so it is ideal for developers and functional testers who are new to penetration testing.
ZAP comes packed as an automated scanner and as a set of tools that will let you discover security vulnerabilities manually.
OWASP ZAP is also the Toolsmith Tool of the Year for 2011!
Some of ZAP’s features:
- Intercepting Proxy
- Automated scanner
- Passive scanner
- Brute Force scanner
- Port scanner
- Dynamic SSL certificates
- Beanshell integration
Some of ZAP’s characteristics:
- Easy to install (just requires java 1.6)
- Ease of use a priority
- Comprehensive help pages
- Fully internationalized
- Under active development
- Open source
- Free (no paid for ‘Pro’ version)
- Cross platform
- Involvement actively encouraged
It supports the following languages:
- Brazilian Portuguese