“The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.”
Official change log for ZAProxy 1.3.4:
Minor changes:
- Issue 146: Inverse regex on search plus fuzz match highlighting
- Issue 202: Option to turn off brute force recursion in ZAProxy
- Issue 215: Allow custom brute force files to be added easily. Also added the ability to set the default brute force file.
- Issue 217: Invoke apps – add support for cookies and post data params
- Issue 218: Allow users to easily add their own fuzzer files. Also added the option to append the output to a Note related to the relevant entry.

Some of ZAP's features:
- Intercepting Proxy
- Active scanner
- Passive scanner
- Brute Force scanner
- Spider
- Fuzzer
- Port Scanner
- Dynamic SSL certificates
- API
- Beanshell integration