The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience. As such, it is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
Vote for ZAP in the Toolswatch Top Security Tools of 2015 survey.
For general information about ZAP:
- Home page - the official ZAP page on the OWASP wiki (includes a donate button ;)
- Twitter - official ZAP announcements (low volume)
- Blog - official ZAP blog
- Monthly Newsletters - ZAP news, tutorials, 3rd party tools and featured contributors
For help using ZAP:
- Getting Started Guide (pdf) - an introductory guide you can print
- Tutorial Videos
- Frequently Asked Questions
- User Guide - online version of the User Guide included with ZAP
- User Group - ask questions about using ZAP
- Add-ons - help for the optional add-ons you can install
- StackOverflow - because some people use this for everything ;)
To learn more about ZAP development:
- Source Code - for all of the ZAP related projects
- Wiki - lots of detailed info
- Developer Group - ask questions about the ZAP internals
- Crowdin (GUI) - help translate the ZAP GUI
- Crowdin (User Guide) - help translate the ZAP User Guide
- OpenHub - FOSS analytics
- BountySource - vote on ZAP issues (you can also donate money here, but 10% is taken out)