OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those and other professionals. It is one of the most active OWASP projects and has been given Flagship status. It is also fully internationalized and is in translation. When used as a proxy server, it allows the user to manipulate all the traffic that passes through it, including traffic using HTTPS. It can also run in a ‘daemon’ mode, which is then controlled via a REST application programming interface (API). This cross-platform tool is available for Microsoft Windows, Linux and Mac OS X. ZAP was added to the ThoughtWorks Technology Radar in May 2015 in the Trial ring.
Some of the built-in features include: intercepting proxy server, traditional and AJAX web crawlers, automated scanner, passive scanner, forced browsing, fuzzer, WebSocket support, scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an ‘online marketplace’ that allows you to add new features. The GUI control panel is easy to use.