OWASP Releases Zed Attack Proxy (ZAP) 1.4.0

Monday, April 09, 2012



OWASP has announced the release of an updated and improved Zed Attack Proxy (ZAP) 1.4.0 multi-function network security tool.

"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications," the OWASP project flyer states.

"It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually," the flyer continues.

According to SECLists.org, the new version includes:

  • Syntax highlighting
  • fuzzdb integration
  • Parameter analysis
  • Enhanced XSS scanner
  • A port of some of the Watcher checks
  • Pluggable extensions

Other functionalities include:

  • Intercepting proxy
  • Automated scanner
  • Passive scanner
  • Brute force scanner
  • Spider
  • Fuzzer
  • Port scanner
  • Dynamic SSL Certificates
  • API
  • Beanshell integration

The tool can be downloaded at no cost from the OWASP ZAP page here:

The following is an introductory tutorial video for ZAP with Simon Bennetts:


More information on ZAP 1.4.0 can be found here:
