OWASP ZAP: Open Source DAST Tool


OWASP ZAP is the world’s most widely used web app scanner. Free and open source. Actively maintained by a dedicated international team of volunteers.



What is OWASP ZAP?

OWASP ZAP is an open-source web application security scanner.

It is intended to be used both by those new to application security and by professional penetration testers.

It is one of the most active Open Web Application Security Project (OWASP) projects and has been given Flagship status.

When used as an intercepting proxy server, it lets the user inspect and manipulate all of the traffic that passes through it, including HTTPS traffic (ZAP terminates TLS with its own dynamically generated root CA certificate, which the browser or client under test must be configured to trust). It can also run in a daemon mode, with no GUI, which is then controlled via a REST API. ZAP was originally forked from Paros, another pentesting proxy.

Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.
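The daemon-mode workflow described above, driven through the REST API, as an added example that is not the ZAP project's own code: it spiders a target, runs an active scan, polls both until they report 100%, and then pulls the alerts and applies a risk gate. The endpoint names follow ZAP's JSON API layout (`/JSON/<component>/<action|view>/<name>/` with the `apikey` query parameter, which a daemon started with `zap.sh -daemon -port 8080 -config api.key=...` requires). The base URL, the key value `change-me`, the target `http://target.example`, the `fake_fetch` transport and the alert records it returns are all assumptions constructed for the example so it runs offline; response field names and the exact alert shape can vary between ZAP versions, so check them against your installed version's API reference before relying on them.

```python
"""Drive a ZAP daemon through its JSON REST API: spider, active scan, collect alerts."""
import json
import time
from collections import Counter
from urllib.parse import parse_qs, urlencode, urljoin, urlparse
from urllib.request import Request, urlopen

# Assumptions: daemon started with `zap.sh -daemon -port 8080 -config api.key=change-me`.
ZAP_BASE = "http://127.0.0.1:8080/"
API_KEY = "change-me"

# ZAP's risk levels, lowest to highest, used for the gate below.
RISK_ORDER = ["Informational", "Low", "Medium", "High"]


def api_url(component, kind, name, **params):
    """Build a ZAP JSON API URL such as /JSON/spider/action/scan/?url=...&apikey=..."""
    path = f"JSON/{component}/{kind}/{name}/"
    query = urlencode({**params, "apikey": API_KEY})
    return urljoin(ZAP_BASE, path) + "?" + query


def http_get_json(url):
    """Real transport: GET the URL and decode the JSON body (needs a running ZAP daemon)."""
    with urlopen(Request(url), timeout=30) as resp:
        return json.loads(resp.read().decode())


def wait_for(fetch, component, scan_id, poll_limit=600, delay=1.0):
    """Poll a spider/ascan status view until ZAP reports 100 (progress comes back as a string)."""
    for _ in range(poll_limit):
        status = int(fetch(api_url(component, "view", "status", scanId=scan_id))["status"])
        if status >= 100:
            return True
        time.sleep(delay)
    return False


def run_scan(target, fetch=http_get_json):
    """Spider, then actively scan, then return the alert list for the target."""
    spider_id = fetch(api_url("spider", "action", "scan", url=target))["scan"]
    if not wait_for(fetch, "spider", spider_id):
        raise TimeoutError("spider did not finish")
    ascan_id = fetch(api_url("ascan", "action", "scan", url=target))["scan"]
    if not wait_for(fetch, "ascan", ascan_id):
        raise TimeoutError("active scan did not finish")
    return fetch(api_url("core", "view", "alerts", baseurl=target))["alerts"]


def summarize(alerts):
    """Count alerts per risk level, e.g. {'High': 2, 'Medium': 1}."""
    return dict(Counter(a["risk"] for a in alerts))


def blocking_findings(alerts, min_risk="High"):
    """Distinct (alert name, url) pairs at or above min_risk; non-empty means fail the build."""
    threshold = RISK_ORDER.index(min_risk)
    found = {(a["alert"], a["url"]) for a in alerts if RISK_ORDER.index(a["risk"]) >= threshold}
    return sorted(found)


# --- Constructed sample data (not real ZAP output) so the example runs without a daemon ---
SAMPLE_ALERTS = [
    {"risk": "High", "confidence": "Medium", "alert": "SQL Injection", "cweid": "89",
     "url": "http://target.example/login", "param": "user"},
    {"risk": "High", "confidence": "Medium", "alert": "SQL Injection", "cweid": "89",
     "url": "http://target.example/login", "param": "pass"},
    {"risk": "Medium", "confidence": "Medium", "alert": "X-Frame-Options Header Not Set",
     "cweid": "1021", "url": "http://target.example/", "param": "X-Frame-Options"},
    {"risk": "Low", "confidence": "Medium", "alert": "Cookie Without Secure Flag",
     "cweid": "614", "url": "http://target.example/", "param": "session"},
]


def fake_fetch(url):
    """Constructed stand-in for http_get_json that answers the way a ZAP daemon would."""
    parsed = urlparse(url)
    if parse_qs(parsed.query).get("apikey") != [API_KEY]:
        raise PermissionError("ZAP rejects API calls without the configured apikey")
    if parsed.path.endswith("/action/scan/"):
        return {"scan": "0"}                 # new scan id
    if parsed.path.endswith("/view/status/"):
        return {"status": "100"}             # finished immediately in the fake
    if parsed.path.endswith("/core/view/alerts/"):
        return {"alerts": SAMPLE_ALERTS}
    raise ValueError(f"unexpected endpoint {parsed.path}")


if __name__ == "__main__":
    alerts = run_scan("http://target.example", fetch=fake_fetch)  # swap in http_get_json for a live daemon
    print(summarize(alerts))
    for name, url in blocking_findings(alerts, "High"):
        print(f"BLOCKING: {name} at {url}")
```

To run it against a real daemon, call `run_scan(target)` with the default transport; the fake transport also shows the failure mode a practitioner hits first, a request without the daemon's API key being refused.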

OWASP ZAP Scan result

