The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience. It is certainly ideal for developers and functional testers who are new to penetration testing, and it is also a useful addition to an experienced pen tester's toolbox.
What's New in This Release:
Significant changes:
· Issue 133: Add Syntax highlighting to Response Panel
· The HTML panels now support switchable syntax highlighting.
· Issue 153: fuzzdb integration
· The fuzzer includes fuzzdb (http://code.google.com/p/fuzzdb/) fuzzing files. Note that some fuzzdb files have been left out because common antivirus scanners flag them as containing viruses. You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.
· Issue 212: Parameter analysis
· A new Params tab shows a summary of all of the parameters a site has used.
· Issue 228: Enhanced XSS scanner
· The Cross Site Scripting active scanner has been rewritten from scratch to find more potential XSS issues and report fewer false positives.
· Issue 244: Port the Watcher passive checks
The following checks have been ported from Watcher (thanks to Chris Weber for OKing this):
· Check.Pasv.CrossDomain.ScriptReference.cs checks for cross-domain JavaScript file inclusion....