OWASP ZAP

From Embedded Lab Vienna for IoT & Security
Revision as of 12:01, 18 December 2020 by MMuszik

Introduction/About

ZAP is short for Zed Attack Proxy. Before we delve into the details of what this means, what it is about, why it was created and what it can be used for, let us start by looking at the principles of ZAP for a better understanding.

The principles are:

  • It is free and open source, which means anyone can access and use it.
  • It is also cross-platform, that is, it works on Linux, Windows and Macs.
  • It is easy to use; any user, be it a beginner or a professional, can use it easily.
  • It is easy to install; it requires a Java Runtime Environment, but everything else is included in the standard downloads.
  • It is fully internationalized, i.e., it has been translated into many other languages.
  • It is fully documented; a set of useful documents and help files is included.
  • It works well with other tools, so that we can use other tools in conjunction with ZAP if we need to.
  • It supports the use of well-regarded components.

These principles can be seen as the motivation behind ZAP. To summarise, it is designed to give everyone interested the chance to easily run security tests, at no cost, no matter their experience, the computer they use or the language they speak. OWASP (Open Web Application Security Project) is a non-profit organisation that publishes freely available articles; aside from tools like ZAP, it also provides documentation and technologies that deal with web application security. Many other security publications refer to the OWASP publications, for example the OWASP Top 10, which looks at the biggest security risks for organisations and which will be featured in its own chapter later in this paper. OWASP also offers a Testing Guide and a Development Guide with best-practice information for those interested, as well as many more useful resources.