Friday, October 8, 2010

OWASP Zed Attack Proxy Project

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

ZAP is a fork of the well regarded Paros Proxy.


Very cool idea, especially since active development on Paros stopped about 4 years ago (2006).

While I don't do as much webapp testing as I used to, I still use Paros for simple checks on both my Windows and OSX boxes. Now, I will replace those installs with Zed.

The roadmap for Zed includes future enhancements, like pulling features from DirBuster (forced file/directory brute-forcing) and fuzzing features from JBroFuzz.
