The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Release 2.4.2
The following changes were made in this release:
Enhancements:
- Issue 1306 : Java PermSize command line flag removed in Java 8
- Issue 1593 : Auto-scroll in Spider tab
- Issue 1600 : Dont report X-Frame-Options alert on 403 and 404 pages
- Issue 1654 : httpSessions/createEmptySession should initialize a site that was not previously visited
- Issue 1702 : Add "recurse" option to the spider API
- Issue 1715 : Unable to pass arguments when launching ZAP from the command line on Mac OS X
- Issue 1766 : Remove context via the API
- Issue 1768 : Update to use a more recent user-agent
- Issue 1778 : Passive scan AJAX spider requests
- Issue 1790 : Move Buffer Overflow Scanner from Beta to Release
- Issue 1793 : Allow active scan scripts to check if the scan was stopped
- Issue 1795 : Allow JVM options to be configured via GUI
- Issue 1799 : Minor Feature Request: Allow URL to be pasted into start Spider dialog.
- Issue 1802 : Minor Enhancement: Change active Pause Button to a Play button
- Issue 1849 : Option to merge related issues in reports
- Issue 1857 : Libraries that were updated
- Issue 1865 : Increase maximum db size
Bug fixes:
- Issue 1760 : Unable to initialize home directory! xml/config.xml (No such file or directory)
- Issue 1763 : Automatic check for updates fails to report new versions
- Issue 1770 : Exceptions when calling (some) context API actions in daemon mode
- Issue 1771 : For OSX the zap.sh in the core download hard-codes the relative java location
- Issue 1772 : On OS X, Found Java version lies
- Issue 1777 : "Cannot locate configuration source null.policy" after opening "Active Scan" dialogue
- Issue 1781 : ZAP errors with "Unsupported option '-psn_x_xxxxxxx'" on OS X
- Issue 1784 : NullPointerException when active scanning through the API with a target without scheme
- Issue 1785 : Plugin enabled even if dependencies are not, "hangs" active scan
- Issue 1787 : Context not used by the Spider even if selected
- Issue 1788 : Scan Progress Pane Needs Sorting Change
- Issue 1789 : Forced Browse/AJAX Spider messages not restored to Sites tab
- Issue 1792 : Report not generated in daemon mode
- Issue 1798 : Stop Attack Feature Locks up ZAP?
- Issue 1804 : Disable processing of XML external entities by default
- Issue 1805 : ZAP API might not return the response in requested format on errors
- Issue 1858 : Spider might report wrong progress after finishing
- Issue 1872 : EDT accessed in daemon mode