OWASP Projects Dashboard 2.0

Project

Leader(s)

Contributor(s)

OWASP Development Guide

N/A

Andrew van der Stock @ Ken Owen @

OWASP Application Security Verification Standard Project

Sahba Kazerooni @ Daniel Cuthbert @

Dave Wichers @ Jeff Williams @ Mike Boberski

Main
Screenshots
Talks
News
ZAP Gear
Supporters
Functionality
Features
Languages
Roadmap
Get Involved

Review this project.

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

ZAP 2.8.0 is now available!

Please help us to make ZAP even better for you by answering the ZAP User Questionnaire!

For a quick overview of ZAP see these tutorial videos on YouTube:

For more videos see the links on the wiki videos page.

Interested in a ZAP talk or training event? See the talks tab. Not one near you? Contact a Zap Evangelist to arrange one!

For general information about ZAP:

Twitter - official ZAP announcements (low volume)
Blog - official ZAP blog

For help using ZAP:

Getting Started Guide (pdf) - an introductory guide you can print
Tutorial Videos
User Guide - online version of the User Guide included with ZAP
User Group - ask questions about using ZAP
Add-ons - help for the optional add-ons you can install
StackOverflow - because some people use this for all everything ;)

To learn more about ZAP development:

Source Code - for all of the ZAP related projects
Wiki - lots of detailed info
Developer Group - ask questions about the ZAP internals
Crowdin (GUI) - help translate the ZAP GUI
Crowdin (User Guide) - help translate the ZAP User Guide
OpenHub - FOSS analytics
BountySource - Vote on ZAP issues (you can also donate money here, but 10% taken out)

Justification

Justification for the statements made in the tagline at the top;)

Popularity:

ToolsWatch Annual Best Free/Open Source Security Tool Survey:
- 2016 2nd
- 2015 1st
- 2014 2nd
- 2013 1st

Contributors:

Share this:

Quick Download

Download OWASP ZAP!

Donate to ZAP

News and Events

Please see the News and Talks tabs

Change Log

Code Repo

Email List

Questions? Please ask on the ZAP User Group

Project Leader

Project Leader
Simon Bennetts @

Co-Project Leaders
Ricardo Pereira @

Rick Mitchell @

Related Projects

Open Hub Stats

https://www.openhub.net/p/zaproxy

Classifications



Apache 2 License


ZAP History Filter Screen Shot	ZAP Search Tab Screen Shot

Upcoming Talks/Training:

For details of upcoming ZAP related talks or training please see the latest ZAP Newsletter

Latest News:

2019/06/07 Version 2.8.0 released
2018/07/26 The ZAP Heads Up Display (HUD) revealed at Bay Area OWASP meetup
2017/11/28 Version 2.7.0 released
2017/03/29 Version 2.6.0 released
2017/02/11 ZAP came second in the Top Security Tools of 2016 as voted by ToolsWatch.org readers
2016/06/03 Version 2.5.0 released
2016/05/26 ZAP bug bounty program launched
2016/02/23 ZAP declared the Top Security Tool of 2015 as voted by ToolsWatch.org readers
2016/02/19 ZAP February newsletter published
2016/01/04 ZAP January newsletter published
2015/12/15 ZAP December newsletter published
2015/12/04 Version 2.4.3 released
2015/11/02 ZAP November newsletter published
2015/09/07 Version 2.4.2 released
2015/07/31 ZAP Scripting Competition launched
2015/07/30 Version 2.4.1 released
2015/05/05 ZAP featured in the ThoughtWorks Technology Radar
2015/04/14 Version 2.4.0 released
2015/01/14 ZAP came second in the Top Security Tools of 2014 as voted by ToolsWatch.org readers
2015/01/02 ZAP Community Scripts repo launched
2014/05/21 Version 2.3.1 released
2014/04/10 Version 2.3.0 released
2014/03/10 Hacking ZAP blog post series started: http://zaproxy.blogspot.co.uk/2014/03/hacking-zap-1-why-should-you.html
2014/02/17 ZAP included as one of the SourceForge projects of the week
2013/12/20 ZAP declared the Top Security Tool of 2013 as voted by ToolsWatch.org readers
2013/11/04 ZAP Evangelists initiative launched
2013/10/29 Simon won Best Project Leader WASPY Award
2013/09/27 Version 2.2.2 released
2013/09/11 Version 2.2.0 released
2013/07/29 New language file including support for Bosnian
2013/06/17 ZAP user questionnaire launched, now in both English and Spanish
2013/06/05 ZAP questions can now be asked on irc
2013/05/10 5 ZAP related projects accepted for Google Summer of Code
2013/04/18 Version 2.1.0 released
2013/01/30 Version 2.0.0 released
2012/11/27 Started a new zaproxy-test project of unit and integrations tests
2012/10/29 Adopted Crowdin for translations
2012/10/22 Started generating weekly releases
2012/10/12 ZAP Overview tutorial video published
2012/09/18 ZAP Gear Store goes live
2012/08/05 Version 1.4.1 released
2012/07/08 Version 1.4.0.1 downloaded over 15,000 times
2012/07/05 Python API released
2012/06/15 ZAP accepted for the OWASP Project Reboot
2012/06/13 Using ZAP for Security Regression tests video published
2012/06/04 Version 1.4.0.1 downloaded over 10,000 times
2012/05/28 Simon's Introduction to ZAP talk at App Sec USA becomes the most watched OWASP video on vimeo
2012/04/23 3 ZAP related Google Summer of Code 2012 projects accepted. To find out how these are progressing please see their wiki pages.
2012/04/23 OWASP ZAP SmartCard Project officially launched.
2012/04/08 Version 1.4.0.1 released
2012/02/10 Version 1.3.4 downloaded over 10,000 times
2012/02/01 OWASP ZAP is named the Toolsmith Tool of the Year for 2011!
2010/09/06 The very first ZAP release, 1.0.0 announced via bugtraq

Yes, you can now buy ZAP related gear!

All of the artwork for ZAP swag is released under the Creative Common License and can be downloaded from the zap-swag repo.

You can of course use the artwork from this repo with any other online store that you like.

A range of products can be purchased from Redbubble

T-shirts can be purchased from Cafepress

ZAP is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP:

Some of ZAP's functionality:

Man-in-the-middle Proxy
Traditional and AJAX spiders
Automated scanner
Passive scanner
Forced browsing
Fuzzer
Dynamic SSL certificates
Smartcard and Client Digital Certificates support
Web sockets support
Support for a wide range of scripting languages
Plug-n-Hack support
Authentication and session support
Powerful REST based API
Automatic updating option
Integrated and growing marketplace of add-ons

Some of ZAP's features:

Open source
Cross platform (it even runs on a Raspberry Pi!)
Easy to install (using a multi-platform installer builder)
Completely free (no paid for 'Pro' version)
Ease of use a priority
Comprehensive help pages
Fully internationalized
Translated into over 20 languages
Community based, with involvement actively encouraged
Under active development by an international team of volunteers

ZAP is a fork of the well regarded Paros Proxy.

ZAP supports the following languages:

English
Arabic
Bosnian
Brazilian Portuguese
Chinese
Danish
Filipino
French
German
Greek
Hungarian
Indonesian
Italian
Japanese
Korean
Persian
Polish
Russian
Sinhala
Spanish
Urdu

You can use Crowdin to help improve these translations or add new ones right now!

Release 2.6.0

ZAP 2.6.0 has been released, this is a bug fix and enhancement release

For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_6_0

Release 2.7.0

ZAP 2.7.0 has been released (Nov 2017), this is a bug fix and enhancement release

For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_7_0

It requires Java 8 (minimum) and supports Selenium 3.

Release 2.8.0

ZAP 2.8.0 has been released (June 2019), this is a bug fix and enhancement release

For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_8_0

Involvement in the development of ZAP is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

Feature Requests

Please raise new feature requests as enhancement requests here: https://github.com/zaproxy/zaproxy/issues

If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.

Feedback

Please use the zaproxy-users Google Group for feedback:

What do like?
What don't you like?
What features could be made easier to use?
How could the help pages be improved?

Log issues

Have you had a problem using ZAP?

If so and its not already been logged then please report it

Localization

Are you fluent in another language? Can you help translate ZAP into that language?

You can use Crowdin to do that!

Development

If you fancy having a go at adding functionality to ZAP then please get in touch via the zaproxy-develop Google Group.

Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!

If you actively contribute to ZAP then you will be invited to join the project.

OWASP Hackademic Challenges Project

Konstantinos Papapanagiotou @ Spyros Gasteratos @ Andreas Venieris (Core Developer) (Founder) @

Alex Papanikolaou @ Vasileios Vlachos @ Anastasios Stasinopoulos (Founder) @

OWASP Projects Dashboard 2.0

ZAP 2.8.0 is now available!

Please help us to make ZAP even better for you by answering the ZAP User Questionnaire!

Justification

Quick Download

Donate to ZAP

News and Events

Change Log

Code Repo

Email List

Project Leader

Related Projects

Open Hub Stats

Classifications

Release 2.6.0

Release 2.7.0

Release 2.8.0

Feature Requests

Feedback

Log issues

Localization

Development

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools