OWASP ZAP
by The ZAP Development Team
Empower your web security testing with OWASP ZAP – the free, open-source tool for vulnerability discovery.
4.50
(150 reviews)
DAST Tools
Free
Verified
Description
OWASP Zed Attack Proxy (ZAP) is a leading open-source tool designed for web application security testing. It enables users to automatically detect vulnerabilities while providing a user-friendly interface for both beginners and experienced security professionals. With powerful features like automated scanning, manual testing tools, and extensive community support, ZAP is perfect for integrating security into your development workflow. Its flexibility and extensibility through add-ons make it a comprehensive solution for ensuring robust application security.
Key Features
- Free and open-source
- Cross-platform support including Docker
- Automated and manual testing tools
- Extensible with community add-ons
- User-friendly interface for all skill levels
- Powerful API for integration
- Active community support and regular updates
- Comprehensive documentation and tutorials
Vulnerability Types Detected
XSS
SQL injection
CSRF
command injection
information disclosure
security misconfiguration
credential leaks
business logic flaws
path traversal
remote file inclusion
token misuse
Technical Information
Supported Platforms:
Windows
Unix/Linux
macOS
Languages:
Java
Python
JavaScript
Deployment:
On-premise
Support Level:
Community Support
Tool Information
Category: DAST Tools
License: Free
Vendor: The ZAP Development Team
Views: 2500
Added: Jul 06, 2025
Compliance Standards
OWASP
PCI DSS
ISO 27001
GDPR
NIST 800-53
SOC 2
Tags
free
open-source
web-application-security
penetration-testing
community-supported
automated-scanning
vulnerability-assessment
dynamic-application-security-testing
security-testing
api-security