The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience: it is ideal for developers and functional testers who are new to penetration testing, and a useful addition to an experienced pen tester's toolbox.
What's New in This Release:
Bug fixes:
· Issue 297 : Exclusions not honored
· Issue 298 : Content-Length header is not properly updated
· Issue 306 : Change zap.sh memory setting
· Issue 307 : ConcurrentModificationException when opening a big session
· Issue 308 : ZAP in daemon mode exits when you save a session
· Issue 309 : Client API can't cope with Informational risk
· Issue 312 : Increase the maximum number of scanning threads allowed
· Issue 314 : Handle very large results more cleanly
· Issue 315 : XSS false positive - injecting into an input src when the type is not 'image'
· Issue 319 : Spider progress not reported correctly via the API
· Issue 320 : AScan can miss subtrees if invoked via the API
· Issue 337 : Increase JVM permsize