Vulnerability Detection

ZAP – web app scanner

The Zed Attack Proxy (ZAP) is a web app scanner.

It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a tool for experienced pentesters to use for manual security testing.

At its core, ZAP is what is known as a “manipulator-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.

ZAP provides functionality for a range of skill levels – from developers, to testers new to security testing, to security testing specialists. ZAP has versions for each major OS and Docker, so you are not tied to a single OS. Additional functionality is freely available from a variety of add-ons in the ZAP Marketplace, accessible from within the ZAP client.

This is free and open source software.

Website: github.com/zaproxy/zaproxy
Support:
Developer: Checkmarx
License: Apache License 2.0

ZAP is written in Java. Learn Java with our recommended free books and free tutorials.


Related Software

Vulnerability Detection Tools
MetasploitPenetration testing framework
NucleiFast and customisable vulnerability scanner
OpenVASFull-featured vulnerability scanner
NiktoWeb server scanner
LynisAuditing, system hardening, compliance testing
grypeVulnerability scanner for container images and filesystems
OSSECCentralized architecture for monitoring and managing multiple systems
OpenSCAPNIST Certified SCAP 1.2 toolkit
octoscanStatic vulnerability scanner for GitHub action workflows
GreenboneCentral management service between security scanners and the user clients.
TerrapinTerrapin Vulnerability Scanner for the Terrapin attack
TigerSecurity audit and intrusion detection too
PRSWeb security scanner
TrivyTerrapin Vulnerability Scanner for the Terrapin attack

Read our verdict in the software roundup.

Security Testing
ZAPWeb app scanner
mitmproxyInteractive HTTPS proxy
WfuzzWeb application fuzzer and Python library for security assessments
sqlmapPenetration testing tool
InterceptSuiteNetwork traffic interception tool
DalfoxIdentify cross-site scripting vulnerabilities in web applications
CommixPython-based penetration testing tool
BURPAccelerate application security testing

Read our verdict in the software roundup.


Best Free and Open Source Software Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.

This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk.

You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more.

Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form.
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted