OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used both by people new to application security and by professional penetration testers.
It is one of the most active Open Web Application Security Project (OWASP) projects and has been given Flagship status.
When used as a proxy server it lets the user inspect and manipulate all of the traffic that passes through it, including HTTPS traffic.
It can also run in a headless daemon mode, in which it is controlled through a REST API.
Features
Some of the built-in features include: an intercepting proxy server, traditional and AJAX web crawlers, an automated (active) scanner, a passive scanner, forced browsing, a fuzzer, WebSocket support, scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an online "marketplace" through which new or updated features can be added. The GUI control panel is easy to use.
How will this project improve my life?
ZAP can help you find security vulnerabilities in your web applications in test or production environments. It is easy to automate, so you can use it to scan for security issues in your CI/CD pipeline. You do not have to wait until your app is deployed before running a security scan on it: test it with ZAP as soon as you have something that runs.
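As an added example (not code from the original page or from the ZAP project), the following Python script shows the shape of a CI gate built on the daemon's JSON API: it builds API URLs in ZAP's /JSON/component/type/operation/ form, reads the alerts view, and fails the build when any alert reaches a chosen risk level. The host, port and API key are assumptions, and the alert response is a constructed sample so the gate logic runs offline.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumed daemon location and API key: use the values the daemon was started with.
ZAP_BASE = "http://localhost:8080"
API_KEY = "changeme"  # placeholder, not a real key

# ZAP reports each alert with one of these risk levels.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

def api_url(component, kind, operation, **params):
    """Build a ZAP JSON API URL: /JSON/<component>/<kind>/<operation>/?apikey=...&..."""
    query = urlencode({"apikey": API_KEY, **params})
    return f"{ZAP_BASE}/JSON/{component}/{kind}/{operation}/?{query}"

def fetch_alerts(base_url):
    """Ask the running daemon for alerts recorded against base_url (network call)."""
    with urlopen(api_url("core", "view", "alerts", baseurl=base_url)) as resp:
        return json.load(resp)["alerts"]

def gate(alerts, fail_at="Medium"):
    """Return (passed, offenders): fail if any alert is at or above the fail_at risk."""
    threshold = RISK_ORDER[fail_at]
    risk_of = lambda a: RISK_ORDER.get(a.get("risk"), 0)
    offenders = sorted((a for a in alerts if risk_of(a) >= threshold),
                       key=lambda a: -risk_of(a))
    return (not offenders, offenders)

# Constructed sample shaped like the daemon's alerts view, for offline use.
SAMPLE_ALERTS = json.loads("""
{"alerts": [
  {"risk": "Low", "confidence": "Medium", "name": "X-Content-Type-Options Header Missing", "url": "http://app.test/"},
  {"risk": "High", "confidence": "Medium", "name": "Cross Site Scripting (Reflected)", "url": "http://app.test/search?q=x"},
  {"risk": "Informational", "confidence": "Low", "name": "Information Disclosure - Suspicious Comments", "url": "http://app.test/"}
]}
""")["alerts"]

if __name__ == "__main__":
    # In a real pipeline, replace SAMPLE_ALERTS with fetch_alerts("http://app.test/").
    passed, offenders = gate(SAMPLE_ALERTS, fail_at="Medium")
    for a in offenders:
        print(f"{a['risk']:>6}  {a['name']}  {a['url']}")
    raise SystemExit(0 if passed else 1)  # non-zero exit fails the CI job
```

Tightening fail_at to "Low" is a way to surface header and configuration findings before they reach production, at the cost of more build failures to triage.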