The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience. It is ideal for developers and functional testers who are new to penetration testing, and is also a useful addition to an experienced pen tester's toolbox.
What's New in This Release:
Minor changes:
· Issue 146 : Inverse regex on search plus fuzz match highlighting
· Issue 202 : Option to turn off brute force recursion
· Issue 215 : Allow custom brute force files to be added easily
· Also added the ability to set the default brute force file.
· Issue 217 : Invoke apps - add support for cookies and post data params
· Issue 218 : Allow users to easily add their own fuzzer files
· Also added the option to append the output to a Note related to the relevant entry.
Bug fixes:
· Issue 56 : Disable POST reqs in Spider
· Issue 186 : Connection Options - Prompt for proxy credentials on start up / Address validation not empty
· Issue 188 : Problem upgrading ZAP on Linux and Windows
· Issue 191 : Exception when the URL contains escaped characters
· Issue 196 : Multiple dialogs of the same option, opened simultaneously, do not work properly.
· Issue 199 : Vulnerabilities with texts truncated
· Issue 204 : Search on headers only finds regex in requests
· Issue 206 : Exception in "Alerts" tab when choosing...