Projects / OWASP Zed Attack Proxy

OWASP Zed Attack Proxy

OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Operating Systems

Last announcement

Persian support now added 03 Feb 2012 08:11

Download the latest language pack from Thanks to Mohsen Mostafa Jokar

Recent releases

  •  21 May 2014 12:20

    Release Notes: This is a bugfix release.

    •  10 Apr 2014 14:48

      Release Notes: This release adds support for browser-side events, extended authentication, and non-std app support.

      •  27 Sep 2013 11:10

        Release Notes: This is a bugfix release.

        •  12 Sep 2013 07:57

          Release Notes: This release included support for scripts embedded in ZAP components like the active and passive scanners as well as support for Zest - a new security focused scripting language from the Mozilla security team. It also supports Mozilla Plug-n-Hack, localization in 20 languages, various minor enhancements, and lots of bugfixes.

          •  18 Apr 2013 10:11

            Release Notes: Minor enhancements and lots of bugfixes.

            Recent comments

            13 Jan 2011 20:54 xambroz

            Cool. With this approach it will be matching burpsuite soon :)


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.