OWASP ZAP provides users with useful and performant penetration testing tools for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience. It is ideal for developers and functional testers who are new to penetration testing, and it is also a useful addition to an experienced pen tester's toolbox.
What's New in This Release:
Major changes:
· Scripts: support multiple scripts and embedding within ZAP components
· Support for Mozilla Zest
· Support for Mozilla Plug-n-Hack
Minor changes:
· Support scanning of XML requests
· Add CWE and WASC numbers to issues
· Custom HTTP breakpoints with more options
· Options to hide tabs / windows
· Upgrade script console to support non-text-based scripting languages
· Create a new root CA when first run
· Allow host to be set via the command line
Bug Fixes:
· HTTP panels default to hex view
· The save session API does not allow overwriting a session that already has the same name
· URLCanonicalizer.getCanonicalURL produces URIs "half" decoded
· URLCanonicalizer.buildCleanedParametersURIRepresentation returns URIs in percent-encoded form and decoded
· Shutdown after a big scan takes too long (deleting ascan records)
· API encoding issues
· NullPointerException while proxying with a URI with an empty path component
· JSONException while calling an API action without the required parameter(s)
· Certificate algorithm c...