OWASP ZAP Desktop User Guide

Welcome to the OWASP Zed Attack Proxy (ZAP) Desktop User Guide.

This is available both as context sensitive help within ZAP and online at https://www.zaproxy.org/docs/desktop/

ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

If you are new to ZAP then its recommended that you look at the Getting Started section.

ZAP is a fork of the open source variant of the Paros Proxy.

See also

Getting Started for details of how to start using ZAP
Features for details of various features provided by ZAP
UI Overview for an overview of the User Interface
Command Line for the command line options available
Releases for details of the changes made in ZAP releases
OWASP ZAP homepage
Wikipedia entry for proxies