Difference between revisions of "Projects/OWASP Zed Attack Proxy Project"

(46 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Template:Project About
+
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
 +
 
 
| project_name = OWASP Zed Attack Proxy Project
 
| project_name = OWASP Zed Attack Proxy Project
  
| project_home_page = OWASP Zed Attack Proxy Project
+
| project_home_page = OWASP_Zed_Attack_Proxy_Project
  
 
| project_description =  
 
| project_description =  
This project provides an easy to use integrated penetration testing tool for testing web applications.
+
This project, OWASP Zed Attack Proxy Project (ZAP), provides an easy to use integrated penetration testing tool for testing web applications.
 +
 
 
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing.
 
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing.
 +
 +
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
  
 
| project_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]
 
| project_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]
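Review bot: the new opening line `{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>` gives `{{{1}}}` no default, so a transclusion of this page that omits the first parameter will not resolve to a usable template name. `{{{1|Project About}}}` would keep the previous behaviour as a fallback. Since the description is being edited anyway, the unchanged line "functional testers who a new to penetration testing" should read "who are new".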
Line 13: Line 17:
 
| leader_email1 = psiinon@gmail.com
 
| leader_email1 = psiinon@gmail.com
 
| leader_username1 = Psiinon
 
| leader_username1 = Psiinon
 +
 +
| leader_name2 = Axel Neumann
 +
| leader_email2 = a.c.neumann@gmail.com
 +
| leader_username2 = Axel_Neumann
  
 
| contributor_name[1-10] =  
 
| contributor_name[1-10] =  
Line 18: Line 26:
 
| contributor_username[1-10] =  
 
| contributor_username[1-10] =  
  
| pamphlet_link =  
+
| pamphlet_link = https://www.owasp.org/index.php/File:owasp_zap_flyer_v2.pdf
  
| presentation_link =
+
| presentation_link = http://www.owasp.org/images/c/c8/Conference_Style_slides_for_ZAP.ppt
  
| mailing_list_name =  
+
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-zed-attack-proxy
  
| project_road_map =  
+
| project_road_map = http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project/Roadmap
  
 
| links_url1 = http://code.google.com/p/zaproxy/
 
| links_url1 = http://code.google.com/p/zaproxy/
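Review bot: the added `presentation_link` and `project_road_map` values use `http://www.owasp.org/...`, while `pamphlet_link` and `mailing_list_name` in the same hunk use `https://`. Change the two `http://www.owasp.org` URLs to `https://` so that every owasp.org link in the template is fetched over TLS and the scheme is consistent.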
Line 38: Line 46:
 
| links_name4 = User Guide
 
| links_name4 = User Guide
  
| links_url5 = http://freshmeat.net/projects/zed-attack-proxy-zap
+
| links_url5 = http://groups.google.com/group/zaproxy-develop
| links_name5 = Freshmeat page
+
| links_name5 = Developer Group
 +
 
 +
| links_url6 = http://groups.google.com/group/zaproxy-users
 +
| links_name6 = User Group
 +
 
 +
| links_url7 = http://zaproxy.blogspot.co.uk/
 +
| links_name7 = ZAP Blog
 +
 
 +
| links_url8 = http://freecode.com/projects/zed-attack-proxy-zap
 +
| links_name8 = Freecode page
 +
 
 +
| links_url9 = https://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Zed_Attack_Proxy_Project/ZAP_1.3.0
 +
| links_name9 = Releases ZAP 1.3.0 / Assessment Process Control
 +
 
 +
| release_1 = ZAP 1.4.0
  
| links_url6 = http://groups.google.com/group/zaproxy-develop
+
| release_2 = ZAP 1.4.1
| links_name6 = Developer Group
+
  
| links_url7 = http://pentest4devs.blogspot.com/
+
| release_3 = ZAP 2.0.0
| links_name7 = Penetration Testing for Developers Blog
+
  
| release_1 = ZAP 1.0.0
+
| release_4 = ZAP 2.1.0
  
| release_2 =  
+
| release_5 = ZAP 2.2.0
  
| release_3 =
+
| release_6 = ZAP 2.2.2
  
| release_4 =
+
| project_about_page = Projects/OWASP_Zed_Attack_Proxy_Project
 
}}
 
}}

Revision as of 06:15, 27 September 2013

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Zed Attack Proxy Project (home page)
Purpose: This project, OWASP Zed Attack Proxy Project (ZAP), provides an easy to use integrated penetration testing tool for testing web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

License: Apache License 2.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Psiinon @ to contribute to this project
  • Contact Psiinon @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
ZAP 2.3.0 - 10/04/2014 - (download)
Release description: This release includes the following significant changes:
  • A ZAP 'lite' version in addition to the existing 'full' version
  • View, intercept, manipulate, resend and fuzz client-side (browser) events
  • Enhanced authentication support
  • Support for non-standard apps
  • Input Vector scripts
  • Scan policy - fine-grained control
  • Advanced Scan dialog
  • Extended command line options
  • More API support
  • Internationalized help file
  • Keyboard shortcuts
  • New UI options
  • More functionality moved to add-ons
  • New and improved active and passive scanning rules

For more details see http://code.google.com/p/zaproxy/wiki/HelpReleases2_3_0

Rating: Projects/OWASP Zed Attack Proxy Project/GPC/Assessment/ZAP 2.3.0
last reviewed release
ZAP 1.3.0 - 06/06/2011 - (download)
Release description: This release includes the following significant changes:
  • Fuzzing: Strings in a response can now be fuzzed to try to find vulnerabilities. Anti CSRF tokens can be detected and automatically regenerated when fuzzing. This functionality is based on code from the OWASP JBroFuzz project.
  • Dynamic SSL certificates: The support for SSL connections was improved and simplified. Users can now create their own root certificate and distribute this into their HTTP clients.
  • Daemon mode: Starting ZAP with the "-daemon" command line option will cause it to run in the background in 'headless' mode, meaning that no UI is displayed.
  • API: An initial API has been implemented in XML, JSON and HTML.
  • Beanshell integration: The BeanShell is an interactive Java shell that can be used to execute BeanShell scripts. BeanShell integration in OWASP ZAP enables you to write scripts using the ZAP functions and data set.
  • Full internationalisation: All displayed strings are now fully internationalised.
  • Localisation: Out of the box support for the following languages: English, Brazilian Portuguese, Chinese, French, German, Greek, Indonesian, Japanese, Polish, Spanish
Rating: Stable Release (three green lights) - Assessment Details


other releases