OWASP ZAPThe OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
Vote for ZAP in the Toolswatch Top Security Tools of 2015 survey.
For general information about ZAP:
- Home page - the official ZAP page on the OWASP wiki (includes a donate button;)
- Twitter - official ZAP announcements (low volume)
- Blog - official ZAP blog
- Monthly Newsletters - ZAP news, tutorials, 3rd party tools and featured contributors
For help using ZAP:
- Getting Started Guide (pdf) - an introductory guide you can print
- Tutorial Videos
- Frequently Asked Questions
- User Guide - online version of the User Guide included with ZAP
- User Group - ask questions about using ZAP
- Add-ons - help for the optional add-ons you can install
- StackOverflow - because some people use this for everything ;)
To learn more about ZAP development:
- Source Code - for all of the ZAP related projects
- Wiki - lots of detailed info
- Developer Group - ask questions about the ZAP internals
- Crowdin (GUI) - help translate the ZAP GUI
- Crowdin (User Guide) - help translate the ZAP User Guide
- OpenHub - FOSS analytics
- BountySource - Vote on ZAP issues (you can also donate money here, but 10% taken out)