ZAP is an easy to use integrated penetration testing ( Pentesting ) tool for finding vulnerabilities in web applications. It is the world most well known tool for security testing and it help developer to to test app while developing and testing to make sure that the app cannot be attacked.

Some of ZAP's functionality:

  • Intercepting Proxy
  • Traditional and AJAX spiders
  • Automated scanner- Passive scanner- Forced browsing- Fuzzer
  • Dynamic SSL certificates
  • Smartcard and Client Digital Certificates support
  • Web sockets support
  • Support for a wide range of scripting languages
  • Plug-n-Hack support
  • Authentication and session support
  • Powerful REST based API
  • Automatic updating option
  • Integrated and growing marketplace of add-ons