zaproxy a web application penetration testing tool

zaproxy a web application penetration testing tool

Today i am going to write about a penetration testing tool for finding vulnerabilities in web application tool. Ifound it on code.google.com .

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.


It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pentester's toolbox.


Some of ZAP's features:

1. Intercepting Proxy
2. Automated scanner
3. Passive scanner
4. Brute Force scanner
5. Spider
6. Port Scanner

Some of ZAP's characteristics:

1. Easy to install (just requires java 1.6)
2. Ease of use a priority
3. Comprehensive help pages
4. Under active development
5. Open source
6. Free (no paid for 'Pro' version)
7. Cross platform
8. Involvement actively encouraged

Download Here:

http://code.google.com/p/zaproxy/downloads/list