OWASP Zed Attack Proxy (ZAP) presented at OWASP AppSecAsiaPac 2012

by Simon Bennetts,

Tags: Security

Summary : The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has been identified by the OWASP Global Projects Committee as a flagship OWASP project.
ZAP is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as experienced pentesters. It has comprehensive help pages, is fully internationalized and has been translated into 11 languages.
A fork of the well regarded Paros Proxy, it was first released in September 2010 and the last version (1.3.4) has been downloaded over 13,000 times.
This talk will:
Explain why ZAP was released.
Show what it can do.
Detail the new features included in ZAP 1.4, which is planned to be released before this conference.
Describe how you can easily build extensions to ZAP which have full access to all of its functionality.