OWASP ZAP The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hu...
OWASP ZAP
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
Please help us to make ZAP even better for you by answering the ZAP User Questionnaire!
For general information about ZAP:
- Homepage - the official ZAP page on the OWASP wiki (includes a donate button;)
- Twitter - official ZAP announcements (low volume)
- Blog - official ZAP blog
- Monthly Newsletters - ZAP news, tutorials, 3rd party tools, and featured contributors
- Swag! - official ZAP swag that you can buy, as well as all of the original artwork released under the CC License
For help using ZAP:
- Getting Started Guide (pdf) - an introductory guide you can print
- Tutorial Videos
- Articles - that go into ZAP features in more depth
- Frequently Asked Questions
- User Guide - online version of the User Guide included with ZAP
- User Group - ask questions about using ZAP
- IRC: irc.mozilla.org #websectools (eg using Mibbit) - chat with core ZAP developers (European office hours usually best)
- Add-ons - help for the optional add-ons you can install
- StackOverflow - because some people use this for everything ;)
Information about the official ZAP Jenkins plugin:
To learn more about ZAP development:
- Source Code - for all of the ZAP related projects
- Wiki - lots of detailed info
- Developer Group - ask questions about the ZAP internals
- Crowdin (GUI) - help translate the ZAP GUI
- Crowdin (User Guide) - help translate the ZAP User Guide
- OpenHub - FOSS analytics
- Bounty Source - Vote on ZAP issues (you can also donate money here, but 10% taken out)
- Bug Bounty Program - please use this to report any potential vulnerabilities you find in ZAP
Justification
Popularity:
ToolsWatch Annual Best Free/Open Source Security Tool Survey:
Contributors: