ZAP Desktop User Guide

Welcome to the Zed Attack Proxy (ZAP) Desktop User Guide.

This is available both as context sensitive help within ZAP and online at

ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

ZAP can also be run in a completely automated way - see the ZAP website for more details.

If you are new to ZAP then its recommended that you look at the Getting Started section.

ZAP is a fork of the open source variant of the Paros Proxy.

See also

Getting Started for details of how to start using ZAP
Features for details of various features provided by ZAP
UI Overview for an overview of the User Interface
Command Line for the command line options available
Releases for details of the changes made in ZAP releases
Credits for the list of people who have contributed to ZAP
Main ZAP website
Wikipedia entry for proxies

Official Videos An ever growing collection of ZAP videos