ZAP
zaproxy.org
The ZAP Homepage
If you are new to security testing, then ZAP has you very much in mind. Check out our ZAP Quick Start Guide to learn more · ZAP provides range of options for security automation. Check out the automation docs to start automating
Documentation
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
Blog
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
Videos
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
Community
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
Factsheet
ZAP by Checkmarx
Stable release 2.17.0
/ 25 March 2025; 15 months ago (2025-03-25)
/ 25 March 2025; 15 months ago (2025-03-25)
Written in Java
ZAP by Checkmarx
Stable release 2.17.0
/ 25 March 2025; 15 months ago (2025-03-25)
/ 25 March 2025; 15 months ago (2025-03-25)
Written in Java
ZAP
zaproxy.org › docs
ZAP – Documentation
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
OWASP ZAP - What is it, and how does it work?
In your experience, is cross site Scripting the main type of vulnerability you find with the OWASP Zap Scanner? Or have you found others as well? Btw, for those who want a basic understanding of cross site Scripting, you can go to the following link: https://www.smithsec.net/posts/basic-website-hacking-cross-site-scripting-xss More on reddit.com
is OWASP ZAP good enough for bug bounties or pentesting or would I need to have Burp Suite to have any success?
Don’t want to be rude, but as long as you can’t figure out by yourself if you should not put money into something you are probably don’t require it. It is part of the capability to understand the difference between tools and whether you require a payed version or not (for now)… In the end the tool does not decide whether you are good skillwise or not. It may only limit you somewhere and if you reach this point you are able to decide by yourself and only then it’s actually required. I even sometimes have the feeling the learning curve flattens if people rely on easy to use tools instead of understanding what’s happening .. More on reddit.com
OWASP ZAP
I was recently looking for softwares that i can use to test web applications when i came across OWASP ZAP. Quickly booted my kali to learn that it… More on reddit.com
Does spidering using owasp zap block us from the site?
Yes. Any automated tool runs the risk of being detected. Your question should be, if this is true, how can I prevent. Think creatively on what is likely getting detected and how you can automate traffic to look real.... Slow it down... Rotate IPs..... Stop guessing bullshit routes.... Chances are you're going to get caught using any normal spider tool that is brute force guessing routes.... More on reddit.com
What are the key features of OWASP ZAP?
OWASP ZAP offers a variety of features, including automated scanner, advanced manual testing tools, API support, scriptable and automation capabilities, and numerous add-ons and integrations. ·
wallarm.com
wallarm.com › what › owasp-zap-zed-attack-proxy
What is OWASP Zed Attack Proxy (ZAP)?
How can OWASP ZAP help protect my website from security threats?
"According to a recent report, OWASP ZAP is the most popular web application scanner among developers. It can detect a wide range of vulnerabilities, including XSS, SQL injection, and directory traversal attacks. By utilizing OWASP ZAP, developers can identify and remediate security vulnerabilities before they are exploited by attackers." Github repository
wallarm.com
wallarm.com › what › owasp-zap-zed-attack-proxy
What is OWASP Zed Attack Proxy (ZAP)?
Is OWASP ZAP difficult to install and use?
OWASP ZAP has a user-friendly interface and is easy to install on most operating systems. However, some advanced features may require some level of technical expertise to navigate.
wallarm.com
wallarm.com › what › owasp-zap-zed-attack-proxy
What is OWASP Zed Attack Proxy (ZAP)?
Videos
11:00
Part 17 - Introduction to OWASP ZAP: Beginner’s Guide to Web ...
58:10
Getting Started with OWASP ZAP - YouTube
08:49
Learn OWASP ZAP In 8 Minutes - Automated Hacking Tool - YouTube
10:48
OWASP ZAP For Beginners | Active Scan - YouTube
03:27
OWASP-ZAP : Web Application Security Vulnerabilities Scanner | ...
13:59
OWASP ZAP 101 - YouTube
OWASP
owasp.org › www-chapter-dorset › assets › presentations › 2020-01 › 20200120-OWASPDorset-ZAP-DanielW.pdf pdf
Zed Attack Proxy (ZAP) Daniel W – OWASP Chapter Lead
OWASP Dorset on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
GitHub
github.com › zaproxy › zaproxy
GitHub - zaproxy/zaproxy: The ZAP by Checkmarx Core project · GitHub
Starred by 15.4K users
Forked by 2.6K users
Languages Java 73.2% | HTML 25.6% | Python 1.1% | Shell 0.1% | Lex 0.0% | Perl 0.0%
Wikipedia
en.wikipedia.org › wiki › ZAP_(software)
ZAP (software) - Wikipedia
January 6, 2026 - ZAP was originally forked from Paros which was developed by Chinotec Technologies Company. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros. The first release was announced on Bugtraq in September 2010, and became an OWASP project a few ...
StackHawk
stackhawk.com › stackhawk, inc. › tooling guides › owasp zap (zed attack proxy): everything you need to know
OWASP ZAP (Zed Attack Proxy): Everything You Need to Know
March 4, 2026 - ZAP (Zed Attack Proxy, also known as OWASP ZAP) is a popular free security tool designed to help identify security vulnerabilities in web applications. Actively maintained by an international team of volunteers, ZAP is widely used by developers, functional testers, and experienced penetration testers.
OWASP
mas.owasp.org › MASTG › tools › network › MASTG-TOOL-0079
MASTG-TOOL-0079: ZAP (Zed Attack Proxy) - OWASP Mobile Application Security
ZAP (Zed Attack Proxy) is a free security tool which helps to automatically find security vulnerabilities in web applications and web services.
ZAP
zaproxy.org › download
ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
ZAP
zaproxy.org › docs › scans
ZAP – ZAP Scans
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
SourceForge
sourceforge.net › projects › zap.mirror
ZAP download | SourceForge.net
This is an exact mirror of the ZAP project, hosted at https://github.com/zaproxy/zaproxy. SourceForge is not affiliated with ZAP. ... The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers.
OWASP Foundation
owasp.org › www-project-web-security-testing-guide › v41 › 6-Appendix › A-Testing_Tools_Resource
WSTG - v4.1 | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners.Accept ... The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.