= ZAP (software) =

ZAP by Checkmarx
- Logo: Logo of ZAP by Checkmarx.svg
- Logo Caption: Logo including Checkmarx, since 2024
- Screenshot: OWASP-ZAP.png
- Operating System: Linux, Windows, macOS
- Genre: Dynamic application security testing
- License: Apache Licence
- Language Count: 25
- Programming Language: Java

ZAP (Zed Attack Proxy) is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic. It can also run in a daemon mode, which is then controlled via a REST-based API.

== History ==
ZAP was originally forked from Paros which was developed by Chinotec Technologies Company. Simon Bennetts, the project lead, stated in 2014 that only 20% of ZAP's source code was still from Paros.

The first release was announced on Bugtraq in September 2010, and became an OWASP project a few months later. In 2023, ZAP developers moved to the Linux Foundation, where they became a part of the Software Security Project. As of September 24, 2024, all of the main developers joined Checkmarx as employees, and ZAP was rebranded as ZAP by Checkmarx.

ZAP was listed in the 2015 InfoWorld Bossie award for "The best open source networking and security software".

==Features==
Some of the built-in features include:
- An intercepting proxy server,
- Traditional and AJAX Web crawlers
- An automated scanner
- A passive scanner
- Forced browsing
- A fuzzer
- WebSocket support
- Scripting languages
- Plug-n-Hack support
==See also==

- Web application security
- Burp suite
- W3af
- Fiddler (software)
