http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
ZAP is a fork of the well regarded Paros Proxy.
-------------------------------------------------------------------------------------------------------
Very cool idea, especially since active development on Paros stopped about 4 years ago (2006).
While I don't do as much webapp testing as I used to, I still use Paros for simple checks on both my Windows and OSX boxes. Now, I will replace those installs with Zed.
The roadmap for Zed includes future enhancements - like pulling features from DirBuster (forced file / directory brute-forcing) and fuzzing features from JBroFuzz.