OWASP ZAP
web security
One of the world's most popular free security tools. Find security vulnerabilities in web applications during development and testing.
web testing, free, OWASP
Legal & Ethical Use
- Web application security testing
- CI/CD integration
- Security training
- Authorized penetration testing
Installation
$ sudo apt install zaproxy
Basic Commands
$ zap.sh -daemon
Start ZAP in daemon mode
$ zap-cli quick-scan http://target.com
Quick automated scan
Advantages
- Free and open-source
- Active development
- API available
- Good documentation
Limitations
- Can be slow
- False positives
- Less polished than Burp