ZAPpingTheTop10

= ZAPping the OWASP Top 10 =

This content is currently a work in progress (as of Dec-2017), complete mapping for the 2013 edition of the OWASP Top 10 can be found here.

This document gives an overview of the automatic and manual components provided by the OWASP Zed Attack Proxy Project (ZAP) that are recommended for testing each of the OWASP Top Ten Project 2017 risks.

Note that the OWASP Top Ten Project risks cover a wide range of underlying vulnerabilities, some of which are not really possible to test for in a completely automated way. If a completely automated tool claims to protect you against the full OWASP Top Ten then you can be sure they are being ‘economical with the truth’! A printable (pdf) version of this document is also available (based on the Top 10 - 2013 edition): The component links take you to the relevant places in an online version of the ZAP User Guide from which you can learn more.

* The stared add-ons are not included by default in the full ZAP release but can be downloaded from the ZAP Marketplace via the ‘Manage add-ons’ button on the ZAP main toolbar.