ZAP (Zed Attack Proxy)
The world's most widely used web app scanner. Free and open source.

Zed Attack Proxy (ZAP) is a free, open-source web application security scanner widely used by security professionals and developers. It offers both manual and automated options for finding vulnerabilities in web applications, with a marketplace of community-contributed add-ons to extend functionality. ZAP is a GitHub Top 1000 project maintained by an international volunteer community.
ZAP intercepts and scans web application traffic to automatically detect security issues, and can be extended with community add-ons or integrated into CI/CD pipelines via its automation features.
Security testers, penetration testers, and developers who want to scan web applications for vulnerabilities
Background.
- Status
- launched
- Business model
- open-source
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.