OWASP Zed Attack Proxy (ZAP)
OWASP Zed Attack Proxy (ZAP) is an open-source interception proxy and web application assessment tool.
- parallels Burp Suite’s features and functionality
- available to use via an open-source license
- many features to support automated scanning, input manipulation, and API testing
- key features:
  - interception proxy
    - intercepts and modifies requests and responses passing between the browser and the web application
  - active scanner
    - automates the discovery of content and vulnerabilities within a web application
    - can identify vulnerabilities such as SQL injection and cross-site scripting (XSS)
  - can be modified and extended by installing add-ons
    - plugins can extend its capabilities
    - allows users to create and share custom scripts and plugins
  - provides detailed reports and alerts
    - helps quickly identify and prioritize security issues
  - provides a browser preconfigured to send all data through the proxy
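The interception-proxy feature above is easiest to understand by seeing what the proxy actually does to a request while it is held: parse it, let the tester change headers or form fields, then re-serialize it with a correct Content-Length before forwarding. The Python below is an added illustration of that step, not ZAP's own code; the HTTP request, host name and field names are constructed for the demo. The defensive lesson it makes concrete is that anything the browser sends (including values "validated" by client-side JavaScript) can be rewritten in transit, so the server must validate every field itself.

```python
"""Minimal model of what an interception proxy does to a request in flight.

Added example (not ZAP's own code): parse a raw HTTP/1.1 request, apply
header and form-field edits, and re-serialize it with a correct
Content-Length. The sample request below is constructed for the demo.
"""
from urllib.parse import parse_qsl, urlencode

# Constructed sample: what a browser might send through the proxy.
SAMPLE_REQUEST = (
    b"POST /cart/update HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 18\r\n"
    b"\r\n"
    b"item=42&quantity=1"
)


def parse_request(raw: bytes):
    """Split a raw request into (method, target, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def serialize_request(method, target, version, headers, body: bytes) -> bytes:
    """Rebuild the wire form; any stale Content-Length is replaced by the real one."""
    kept = [(n, v) for n, v in headers if n.lower() != "content-length"]
    if body:
        kept.append(("Content-Length", str(len(body))))
    head = f"{method} {target} {version}\r\n" + "".join(f"{n}: {v}\r\n" for n, v in kept)
    return head.encode("latin-1") + b"\r\n" + body


def intercept(raw: bytes, header_edits: dict, form_edits: dict) -> bytes:
    """Apply the tester's edits to a held request and return the modified bytes."""
    method, target, version, headers, body = parse_request(raw)

    # Header edits: overwrite an existing header in place, otherwise append it.
    wanted = {k.lower(): (k, v) for k, v in header_edits.items()}
    new_headers, seen = [], set()
    for name, value in headers:
        if name.lower() in wanted:
            new_headers.append((name, wanted[name.lower()][1]))
            seen.add(name.lower())
        else:
            new_headers.append((name, value))
    for key, (orig_name, value) in wanted.items():
        if key not in seen:
            new_headers.append((orig_name, value))

    # Form edits only make sense for urlencoded bodies; other bodies pass through untouched.
    ctype = next((v for n, v in new_headers if n.lower() == "content-type"), "")
    if form_edits and ctype.startswith("application/x-www-form-urlencoded"):
        fields = dict(parse_qsl(body.decode("latin-1"), keep_blank_values=True))
        fields.update(form_edits)
        body = urlencode(fields).encode("latin-1")

    return serialize_request(method, target, version, new_headers, body)


if __name__ == "__main__":
    print(intercept(SAMPLE_REQUEST, {"User-Agent": "proxy-demo"}, {"quantity": "3"}).decode())
```

Because the body length changes whenever a field is edited, recomputing Content-Length is the part that trips up hand-written tools; a wrong value makes the server read too little or hang waiting for bytes that never come.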
How it Works
- indexes all the files and directories it can see on the target web server, a process called spidering
- then locates and reports on any potential issues
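To make the spidering step concrete, here is a small breadth-first spider written as an added example (not ZAP's own spider code). It runs offline against a constructed in-memory site, follows links found in `href`, `src` and `action` attributes, resolves relative URLs, strips `#fragments`, stays on the starting host, and records the status of every URL it visited. The `SITE` table, host names and paths are all constructed for the demo; a real spider would perform an HTTP GET where `fetch` does a dictionary lookup.

```python
"""Toy spider: how a scanner builds its index of a site before scanning it.

Added example, not ZAP's own code. SITE is a constructed stand-in for a web
server: path -> HTML body, or None where the server would answer 404.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

SITE = {
    "/": '<a href="/about">About</a> <a href="login.html">Login</a>'
         '<script src="/static/app.js"></script>',
    "/about": '<a href="/">Home</a> <a href="https://other.example/x">Ext</a>'
              '<a href="/admin#top">Admin</a> <a href="/missing">Old</a>',
    "/login.html": '<form action="/api/session" method="post"><input name="user"></form>',
    "/admin": '<a href="/about">Back</a>',
    "/static/app.js": "// constructed script body, contains no links",
    "/api/session": "",
    "/missing": None,
}


class LinkExtractor(HTMLParser):
    """Collect the attribute values where links usually live."""
    ATTRS = {"a": "href", "link": "href", "script": "src", "img": "src",
             "iframe": "src", "form": "action"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        if wanted:
            for name, value in attrs:
                if name == wanted and value:
                    self.links.append(value)


def fetch(url: str):
    """Stand-in for an HTTP GET against SITE; returns (status, body)."""
    path = urlsplit(url).path or "/"
    body = SITE.get(path)
    return (404, "") if body is None else (200, body)


def spider(start: str, max_pages: int = 100) -> dict:
    """Breadth-first crawl from `start`; returns {url: status} for every URL visited."""
    parts = urlsplit(start)
    origin = f"{parts.scheme}://{parts.netloc}"
    queue, seen, results = deque([start]), {start}, {}
    while queue and len(results) < max_pages:
        url = queue.popleft()
        status, body = fetch(url)
        results[url] = status
        if status != 200:
            continue
        extractor = LinkExtractor()
        extractor.feed(body)
        for link in extractor.links:
            absolute, _ = urldefrag(urljoin(url, link))  # resolve relative links, drop #fragment
            if absolute != origin and not absolute.startswith(origin + "/"):
                continue  # scope check: never wander onto a third-party host
            if absolute not in seen:
                seen.add(absolute)
                queue.append(absolute)
    return results


if __name__ == "__main__":
    for url, status in spider("http://target.example/").items():
        print(status, url)
```

Two things the toy makes visible: an HTML spider only finds what is linked, so endpoints reached only through JavaScript or never linked at all stay out of the index, and the scope check matters in practice because an unscoped crawl will happily follow links onto hosts nobody authorised you to scan.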