Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools . It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
These are the key functionalities of ZAP:
Intercepting Proxy
Automatic Scanner
Traditional but powerful spiders
Fuzzer
Web Socket Support
Plug-n-hack support
Authentication support
REST based API
Dynamic SSL certificates
Smartcard and Client Digital Certificates support
You can either use this tool as a scanner by inputting the URL to perform scanning, or you can use this tool as an intercepting proxy to manually perform tests on specific pages.
No comments:
Post a Comment