OWASP ZAP provides users with useful and performant penetration testing tools for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
What's New in This Release:
An integrated add-ons marketplace:
· ZAP can be extended by add-ons that have full access to all of the ZAP internals. Anyone can write add-ons and upload them to the ZAP Add-on Marketplace (OK, so it's a Google Code project called zap-extensions, but you get the idea).
· More importantly, you can now browse, download and install those add-ons from within ZAP. Most add-ons can be dynamically installed (and uninstalled), so you won't even need a restart.
· You can choose to be notified of updates, and even be automatically updated. And as the scan rules are now implemented as add-ons, you can get the latest rules as soon as they are published.
A replacement for the 'standard' Spider:
· The 'old' Spider was showing its age, so it's been completely rewritten, and is much faster and more comprehensive than the old one. This is still a 'traditional' spider that analyses the HTML code for any links it can find.
A new 'Ajax' spider:
· In addition to the 'traditional' spider we've added an Ajax spider w...