This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
2.7.0 / 28 November 2017
|Operating system||Linux, Windows, OS X|
OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.
When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using https.
It can also run in a ‘daemon’ mode which is then controlled via a REST Application programming interface.
Some of the built in features include: Intercepting proxy server, Traditional and AJAX Web crawlers, Automated scanner, Passive scanner, Forced browsing, Fuzzer, WebSocket support, Scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. The GUI control panel is easy to use. 
- One of the OWASP tools referred to in the 2015 Bossie award for The best open source networking and security software
- Second place in the Top Security Tools of 2014 as voted by ToolsWatch.org readers
- Top Security Tool of 2013 as voted by ToolsWatch.org readers
- Toolsmith Tool of the Year for 2011
- Web application security
- OWASP Open Web Application Security Project
- Burp suite
- Fiddler (software)
- "Open Web Application Security Project (OWASP)". Openhub.net. Retrieved 3 November 2014.
- "OWASP Project Inventory". Owasp.org. Retrieved 3 November 2014.
- "OWASP ZAP". Crowdin.com. Retrieved 3 November 2014.
- "TECHNOLOGY RADAR Our thoughts on the technology and trends that are shaping the future" (PDF). Thoughtworks.com. Retrieved 6 May 2015.
- Marcel Birkner. "Automated Security Testing Web Applications Using OWASP Zed Attack Proxy". Retrieved 22 November 2016.
- InfoWorld. "Bossie Awards 2015: The best open source networking and security software". Infoworld.com. Retrieved 21 September 2015.
- "ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers". Toolswatch.org. Retrieved 16 January 2015.
- "ToolsWatch.org – The Hackers Arsenal Tools Portal » 2013 Top Security Tools as Voted by ToolsWatch.org Readers". Toolswatch.org. Retrieved 3 November 2014.
- Russ McRee. "HolisticInfoSec: 2011 Toolsmith Tool of the Year: OWASP ZAP". Holisticinfosec.blogspot.com. Retrieved 3 November 2014.