The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
For general information about ZAP:
- Home page – the official ZAP page on the OWASP wiki (includes a donate button;)
- Twitter – official ZAP announcements (low volume)
- Blog – official ZAP blog
- Monthly Newsletters – ZAP news, tutorials, 3rd party tools and featured contributors
- Swag! – official ZAP swag that you can buy, as well as all of the original artwork released under the CC License
For help using ZAP:
- Getting Started Guide (pdf) – an introductory guide you can print
- Tutorial Videos
- Articles – that go into ZAP features in more depth
- Frequently Asked Questions
- User Guide – online version of the User Guide included with ZAP
- User Group – ask questions about using ZAP
- IRC: irc.mozilla.org #websectools (eg using Mibbit) – chat with core ZAP developers (European office hours usually best)
- Add-ons – help for the optional add-ons you can install
- StackOverflow – because some people use this for everything 😉
Information about the official ZAP Jenkins plugin:
To learn more about ZAP development:
- Source Code – for all of the ZAP related projects
- Wiki – lots of detailed info
- Developer Group – ask questions about the ZAP internals
- Crowdin (GUI) – help translate the ZAP GUI
- Crowdin (User Guide) – help translate the ZAP User Guide
- OpenHub – FOSS analytics
- BountySource – Vote on ZAP issues (you can also donate money here, but 10% taken out)
- Bug Bounty Program – please use this to report any potential vulnerabilities you find in ZAP
