OWASP Zed Attack Proxy Project

= Main =  {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

Please help us to make ZAP even better for you by answering the ZAP User Questionnaire!
For a quick overview of ZAP and an introduction to the official ZAP Jenkins plugin see these tutorial videos on YouTube:

For more videos see the links on the wiki videos page.

Interested in a ZAP talk or training event? See the talks tab. Not one near you? Contact a Zap Evangelist to arrange one!

For general information about ZAP:
 * Twitter - official ZAP announcements (low volume)
 * Blog - official ZAP blog

For help using ZAP:
 * Getting Started Guide (pdf) - an introductory guide you can print
 * Tutorial Videos
 * User Guide - online version of the User Guide included with ZAP
 * User Group - ask questions about using ZAP
 * Add-ons - help for the optional add-ons you can install
 * StackOverflow - because some people use this for all everything ;)

To learn more about ZAP development:
 * Source Code - for all of the ZAP related projects
 * Wiki - lots of detailed info
 * Developer Group - ask questions about the ZAP internals
 * Crowdin (GUI) - help translate the ZAP GUI
 * Crowdin (User Guide) - help translate the ZAP User Guide
 * OpenHub	- FOSS analytics
 * BountySource - Vote on ZAP issues (you can also donate money here, but 10% taken out)

Justification
Justification for the statements made in the tagline at the top;)

Popularity:
 * ToolsWatch Annual Best Free/Open Source Security Tool Survey:
 * 2016 2nd
 * 2015 1st
 * 2014 2nd
 * 2013 1st

Contributors:
 * Code Contributors
 * ZAP core i18n Contributors
 * ZAP help i18n Contributors


 * style="padding-left:25px;width:200px;" valign="top" |

Quick Download
Download OWASP ZAP!

News and Events
Please see the News and Talks tabs

Change Log

 * zaproxy
 * zap-extensions

Code Repo

 * zaproxy
 * zap-extensions

Email List
Questions? Please ask on the ZAP User Group

Project Leader
Project Leader Simon Bennetts [mailto:psiinon@gmail.com @]

Co-Project Leaders

Ricardo Pereira

Rick Mitchell [mailto:kingthorin@gmail.com @]

Related Projects

 * OWASP WTE
 * OWASP OWTF

Ohloh

 * https://www.openhub.net/p/zaproxy

Classifications

 * }

= Screenshots =

= Talks =

= News =

= ZAP Gear =

Yes, you can now buy ZAP related gear!

All of the artwork for ZAP swag is released under the Creative Common License and can be downloaded from the zap-swag repo.

You can of course use the artwork from this repo with any other online store that you like.

A range of products can be purchased from Redbubble

Stickers can be purchased from Stickermule

T-shirts can be purchased from Cafepress



= Supporters =

ZAP is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP:


 * Mozilla
 * The Linux Foundation
 * OWASP
 * Sage
 * Google
 * Microsoft
 * Hacktics, Ernst & Young
 * DinoSec
 * Denim Group
 * Aspect Security
 * SecureIdeas
 * UtiliSec
 * encription
 * Accenture Digital

= Functionality = Some of ZAP's functionality:


 * Intercepting Proxy
 * Traditional and AJAX spiders
 * Automated scanner
 * Passive scanner
 * Forced browsing
 * Fuzzer
 * Dynamic SSL certificates
 * Smartcard and Client Digital Certificates support
 * Web sockets support
 * Support for a wide range of scripting languages
 * Plug-n-Hack support
 * Authentication and session support
 * Powerful REST based API
 * Automatic updating option
 * Integrated and growing marketplace of add-ons

= Features = Some of ZAP's features:


 * Open source
 * Cross platform (it even runs on a Raspberry Pi!)
 * Easy to install (using a multi-platform installer builder)
 * Completely free (no paid for 'Pro' version)
 * Ease of use a priority
 * Comprehensive help pages
 * Fully internationalized
 * Translated into over 20 languages
 * Community based, with involvement actively encouraged
 * Under active development by an international team of volunteers

ZAP is a fork of the well regarded Paros Proxy.

= Languages =

ZAP supports the following languages:


 * English
 * Arabic
 * Bosnian
 * Brazilian Portuguese
 * Chinese
 * Danish
 * Filipino
 * French
 * German
 * Greek
 * Hungarian
 * Indonesian
 * Italian
 * Japanese
 * Korean
 * Persian
 * Polish
 * Russian
 * Sinhala
 * Spanish
 * Urdu

You can use Crowdin to help improve these translations or add new ones right now!

= Roadmap =

Release 2.6.0
ZAP 2.6.0 has been released, this is a bug fix and enhancement release

For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_6_0

Release 2.7.0
ZAP 2.7.0 is being actively worked on, and is expected to be released relatively soon.

It will require Java 8 (minimum) and will support Selenium 3. It will also include all of the changes currrently available in the weekly release.

Release 2.8.0
ZAP 2.8.0 does not yet have a planned release date, but is likely to be around the end of 2017 or (more likely) the beginning of 2018.

= Get Involved =

Involvement in the development of ZAP is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

Feature Requests
Please raise new feature requests as enhancement requests here: https://github.com/zaproxy/zaproxy/issues

If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.

Feedback
Please use the zaproxy-users Google Group for feedback:
 * What do like?
 * What don't you like?
 * What features could be made easier to use?
 * How could the help pages be improved?

Log issues
Have you had a problem using ZAP?

If so and its not already been logged then please report it

Localization
Are you fluent in another language? Can you help translate ZAP into that language?

You can use Crowdin to do that!

Development
If you fancy having a go at adding functionality to ZAP then please get in touch via the zaproxy-develop Google Group.

Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!

If you actively contribute to ZAP then you will be invited to join the project.