ZAP (software)

{{Short description|Open-source web application security scanner}}

{{Infobox software

| name = ZAP by Checkmarx

| logo = Logo of ZAP by Checkmarx.svg

| logo_size = 200px

| logo_caption = Logo including Checkmarx, since 2024

| screenshot = OWASP-ZAP.png

| caption =

| latest release version = {{wikidata|property|P348}}

| latest release date = {{release date and age|2024|05|07|df=yes}}

| operating system = Linux, Windows, macOS

| genre = Dynamic application security testing

| license = Apache License

| website = {{URL|https://www.zaproxy.org/}}

| language count = 25{{cite web|url=https://crowdin.com/project/owasp-zap|title=OWASP ZAP|publisher=Crowdin.com|access-date=3 November 2014}}

| programming language = Java

}}

ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server, it allows the user to manipulate all of the traffic that passes through it, including HTTPS-encrypted traffic. It can also run in a daemon mode, in which it is controlled via a REST-based API.

History

ZAP was originally forked from Paros, which was developed by Chinotec Technologies Company.{{Cite web |title=ZAP – Paros Proxy |url=https://www.zaproxy.org/docs/desktop/paros/ |access-date=2024-10-18 |website=zaproxy.org}} Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.{{cite speech |url=https://www.youtube.com/watch?v=_MmDWenz-6U&t=23m30s |time=23:30 |publisher=Oracle |event=JavaOne San Francisco 2014 |date=2014 |first=Simon |last=Bennetts |title=Security Testing for Developers Using OWASP ZAP |access-date=2 June 2015}}

The first release was announced on Bugtraq in September 2010, and ZAP became an OWASP project a few months later.{{Cite book |last=Wylie |first=Phillip |title=The pentester blueprint: starting a career as an ethical hacker |last2=Crawley |first2=Kim |author-link2=Kim Crawley |date=2021 |publisher=John Wiley and Sons |isbn=978-1-119-68430-5 |edition=1 |location=Indianapolis |page=75}}{{Cite web |title=Bugtraq: The Zed Attack Proxy (ZAP) version 1.0.0 |url=https://seclists.org/bugtraq/2010/Sep/38 |access-date=2024-10-18 |website=bugtraq |language=en}} In 2023, ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project.{{cite web |title=ZAP Core Team to move to Linux Foundation {{!}} OWASP Foundation |url=https://owasp.org/blog/2023/08/02/zap-core-team-leaves-owasp}}{{cite web |date=August 1, 2023 |title=ZAP is Joining the Software Security Project |url=https://www.zaproxy.org/blog/2023-08-01-zap-is-joining-the-software-security-project/}}{{cite web |date=July 31, 2023 |title=Welcoming ZAP to the Software Security Project |url=https://softwaresecurityproject.org/blog/welcoming-zap-to-the-software-security-project/}} As of September 24, 2024, all of the main developers joined Checkmarx as employees and ZAP was rebranded as ZAP by Checkmarx. https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/

ZAP was listed in the 2015 InfoWorld Bossie Awards for the best open source networking and security software.{{Cite web |title=Bossie Awards 2015: The best open source networking and security software |url=https://www.infoworld.com/article/2238317/bossie-awards-2015-the-best-open-source-networking-and-security-software.html |access-date=2024-10-18 |website=InfoWorld |language=en-US}}

Features

Some of the built-in features include:

See also

{{Portal|Free and open-source software}}

Further reading

  • {{Cite book |last=Soper |first=Ryan |title=Zed Attack Proxy Cookbook |last2=N Torres |first2=Nestor |last3=Almoailu |first3=Ahmed |date=10 March 2023 |publisher=Packt Publishing |isbn=9781801810159}}

References

{{Reflist}}