ZAP (software)

ZAP by Checkmarx
	Logo including Checkmarx, since 2024
Stable release	2.15.0 / 7 May 2024; 6 months ago
Repository	github.com/zaproxy/zaproxy ;
Written in	Java
Operating system	Linux, Windows, macOS
Available in	25 languages
Type	Dynamic application security testing
License	Apache Licence
Website	www.zaproxy.org

ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic. It can also run in a daemon mode which is then controlled via a REST-based API.

History

ZAP was originally forked from Paros which was developed by Chinotec Technologies Company.^[2] Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.^[3]

The first release was announced on Bugtraq in September 2010, and became an OWASP project a few months later.^[4]^[5] In 2023, ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project.^[6]^[7]^[8] As of September 24, 2024, all of the main developers joined Checkmarx as employees and ZAP was rebranded as ZAP by Checkmarx.^[9]

ZAP was listed in the 2015 InfoWorld Bossie award for The best open source networking and security software.^[10]

Features

Some of the built in features include:

An intercepting proxy server,
Traditional and AJAX Web crawlers
An automated scanner
A passive scanner
Forced browsing
A fuzzer
WebSocket support
Scripting languages
Plug-n-Hack support

References

^ "OWASP ZAP". Crowdin.com. Retrieved 3 November 2014.
^ "ZAP – Paros Proxy". zaproxy.org. Retrieved 2024-10-18.
^ Bennetts, Simon (2014). Security Testing for Developers Using OWASP ZAP (Speech). JavaOne San Francisco 2014. Oracle. Event occurs at 23:30. Retrieved 2 June 2015.
^ Wylie, Phillip; Crawley, Kim (2021). The pentester blueprint: starting a career as an ethical hacker (1 ed.). Indianapolis: John Wiley and Sons. p. 75. ISBN 978-1-119-68430-5.
^ "Bugtraq: The Zed Attack Proxy (ZAP) version 1.0.0". bugtraq. Retrieved 2024-10-18.
^ "ZAP Core Team to move to Linux Foundation | OWASP Foundation".
^ "ZAP is Joining the Software Security Project". August 1, 2023.
^ "Welcoming ZAP to the Software Security Project". July 31, 2023.
^ https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/
^ "Bossie Awards 2015: The best open source networking and security software". InfoWorld. Retrieved 2024-10-18.

External links

Official website

[1] "OWASP ZAP". Crowdin.com. Retrieved 3 November 2014.

[2] "ZAP – Paros Proxy". zaproxy.org. Retrieved 2024-10-18.

[3] Bennetts, Simon (2014). Security Testing for Developers Using OWASP ZAP (Speech). JavaOne San Francisco 2014. Oracle. Event occurs at 23:30. Retrieved 2 June 2015.

[4] Wylie, Phillip; Crawley, Kim (2021). The pentester blueprint: starting a career as an ethical hacker (1 ed.). Indianapolis: John Wiley and Sons. p. 75. ISBN 978-1-119-68430-5.

[5] "Bugtraq: The Zed Attack Proxy (ZAP) version 1.0.0". bugtraq. Retrieved 2024-10-18.

[6] "ZAP Core Team to move to Linux Foundation | OWASP Foundation".

[7] "ZAP is Joining the Software Security Project". August 1, 2023.

[8] "Welcoming ZAP to the Software Security Project". July 31, 2023.

[9] ttps://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/

[10] "Bossie Awards 2015: The best open source networking and security software". InfoWorld. Retrieved 2024-10-18.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

ZAP (software)

History

Features

See also

Further reading

References

External links