OWASP ZAP w2019-03-11 released: pentesting tool for finding vulnerabilities in web applications

byHacker Computer School
1
The OWASP Zed Attack Proxy (ZAP) is easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Some of ZAP’s features:
  • Open source
  • Cross-platform
  • Easy to install (just requires java 1.7)
  • Completely free (no paid for ‘Pro’ version)
  • Ease of use a priority
  • Comprehensive help pages
  • Fully internationalized
  • Translated into a dozen languages
  • Community-based, with involvement, actively encouraged
  • Under active development by an international team of volunteers
Some of ZAP’s functionality:
OWASP ZAP 2.7 has been released.
This is a bug fix and enhancement release, which requires a minimum of Java 8.
Some of the more significant enhancements include:
  • Browser launch included by default – this allows you to launch browsers from ZAP that are preconfigured to proxy through ZAP and ignore the certificate warnings due to the ZAP root certificate.
  • Allow ZAP to listen on multiple addresses/ports
  • Support Server Name Indication
  • Updated NTLM engine implementation – this fixes the cases where the domain is being validated and improves interoperability with other (server) NTLM implementations
  • Lots of new API endpoints – see below for details
  • More
Download
OWASP ZAP Tutorial
Tags:

1 Comments

  1. UnknownSeptember 26, 2019 at 6:03 AM

    Thanks for sharing helpful information on pentesting course course that teaches all the skills needed for cyber security.

    ReplyDelete
Post a Comment
Previous Post Next Post