Welcome to the OWASP Zed Attack Proxy (ZAP) Desktop User Guide.
This is available both as context sensitive help within ZAP and online at https://www.zaproxy.org/docs/desktop/
ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
ZAP can also be run in a completely automated way - see the ZAP website for more details.
If you are new to ZAP then its recommended that you look at the Getting Started section.
ZAP is a fork of the open source variant of the Paros Proxy.
|Getting Started||for details of how to start using ZAP|
|Features||for details of various features provided by ZAP|
|UI Overview||for an overview of the User Interface|
|Command Line||for the command line options available|
|Releases||for details of the changes made in ZAP releases|
|Credits||for the list of people who have contributed to ZAP|
|Main ZAP website|
|OWASP ZAP homepage|
|Wikipedia entry for proxies|