View on GitHub


The OWASP Zed Attack Proxy

Download this project as a .zip file Download this project as a tar.gz file


The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

ZAP in Ten - Video series

An ongoing series of up to 10 minute videos about ZAP, starting with the basics.
The first episode is:
ZAP in Ten - Welcome
And the full series is available here:
ZAP in Ten - Watch the full series


This is a temporary page while we are working on an all new ZAP website.
Most of the content linked to from this page is on other sites, with the exception of:

Please help us to make ZAP even better for you by answering the ZAP User Questionnaire!

For general information about ZAP:

For help using ZAP:

To learn more about ZAP development: