ZAP (software)

ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server, it allows the user to manipulate all of the traffic that passes through it, including HTTPS-encrypted traffic. It can also run in a daemon mode, which is then controlled via a REST-based API.

History

ZAP was originally forked from Paros, which was developed by Chinotec Technologies Company. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.

The first release was announced on Bugtraq in September 2010, and ZAP became an OWASP project a few months later. In 2023, ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project. As of September 24, 2024, all of the main developers joined Checkmarx as employees and ZAP was rebranded as ZAP by Checkmarx.

ZAP was listed in the 2015 InfoWorld Bossie award for the best open source networking and security software.

Features

Some of the built-in features include:

Further reading

  • Soper, Ryan; N Torres, Nestor; Almoailu, Ahmed (10 March 2023). Zed Attack Proxy Cookbook. Packt Publishing. ISBN 9781801810159.

Uses material from the Wikipedia article ZAP (software), released under the CC BY-SA 4.0 license.