ZAP (software)

ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic. It can also run in a daemon mode, which is then controlled via a REST-based API.

ZAP was originally forked from Paros which was developed by Chinotec Technologies Company.^[2] Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.^[3]

The first release was announced on Bugtraq in September 2010, and became an OWASP project a few months later.^[4][5] In 2023, ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project.^[6][7][8] As of September 24, 2024, all of the main developers joined Checkmarx as employees, and ZAP was rebranded as ZAP by Checkmarx.^[9]

ZAP was listed in the 2015 InfoWorld Bossie award for "The best open source networking and security software".^[10]

Some of the built-in features include:

• An intercepting proxy server,
• Traditional and AJAX Web crawlers
• An automated scanner
• A passive scanner
• Forced browsing
• A fuzzer
• WebSocket support
• Scripting languages
• Plug-n-Hack support

Lua error in mw.title.lua at line 392: bad argument #2 to 'title.new' (unrecognized namespace name 'Portal').

• Web application security
• Burp suite
• W3af
• Fiddler (software)

• Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

• Official website