ZAP (Zed Attack Proxy)

zaproxy.org

The world's most widely used web app scanner. Free and open source.

Visit
ZAP (Zed Attack Proxy) screenshot
/ About /

Zed Attack Proxy (ZAP) is a free, open-source web application security scanner widely used by security professionals and developers. It offers both manual and automated options for finding vulnerabilities in web applications, with a marketplace of community-contributed add-ons to extend functionality. ZAP is a GitHub Top 1000 project maintained by an international volunteer community.

/ How it works /

ZAP intercepts and scans web application traffic to automatically detect security issues, and can be extended with community add-ons or integrated into CI/CD pipelines via its automation features.

/ Who it's for /

Security testers, penetration testers, and developers who want to scan web applications for vulnerabilities

/ More info /

Background.

Status
launched
Business model
open-source
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.