OWASP has announced the release of an updated and improved Zed Attack Proxy (ZAP) 1.4.0 multi-function network security tool.
"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications," the OWASP project flyer states.
"It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually," the flyer continues.
According to SECLists.org, the new version includes:
- Syntax highlighting
- fuzzdb integration
- Parameter analysis
- Enhanced XSS scanner
- A port of some of the Watcher checks
- Plugable extensions
Other functionalities include:
- Intercepting proxy
- Automated scanner
- Passive scanner
- Brute force scanner
- Port scanner
- Dynamic SSL Certificates
- Beanshell integration
The tool can be downloaded at no cost from the OWASP ZAP page here:
The following is an introductory tutorial video for ZAP with Simon Bennetts:
More information on ZAP 1.4.0 can be found here: