Web Application Security

OWASP ZAP 2.7.0 – Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
For general information about ZAP:
  • Home page – the official ZAP page on the OWASP wiki (includes a donate button;)
  • Twitter – official ZAP announcements (low volume)
  • Blog – official ZAP blog
  • Monthly Newsletters – ZAP news, tutorials, 3rd party tools and featured contributors
  • Swag! – official ZAP swag that you can buy, as well as all of the original artwork released under the CC License
For help using ZAP:
Information about the official ZAP Jenkins plugin:
To learn more about ZAP development: