Release 1.1.0

The following changes were made in this release:

Significant changes:

OWASP rebranding

ZAP has been accepted as an OWASP project.
Its homepage is now:

Brute Force

The ability to brute force files and directories based on code from the OWASP DirBuster project.
The new Brute Force tab shows the files and directories found.

Port Scan

The ability to port scan sites.
The new Port Scan tab shows the ports found.

Active Scan tab

The new Active Scan tab shows the requests and responses as a result of actively scanning a site.

Spider tab

The Spider tab now allows you to continue using ZAP while spidering a site.
You can also pause and resume the spider.

Smartcard support

Smart card support has been added c/o the Andiparos project.
The following smartcard devices have been tested on Windows:

Safeguard Aladdin eToken
Aladdin eToken Pro
Omnikey Omnikey 3121
CardMan 6121
Gemalto Reflex 20 V2
Swiss Stick

The following smartcard devices are reported to work:

Omnikey CardMan 4040

Attack menu

The new Sites tab right click ‘Attack’ menu allows you to start various scans.

More internationalisation

All of the main tabs and menu items have now been internationalised.


Support for the following languages are built into this version:

English The default language
Brazilian Portuguese

Language selection

On start up you will be prompted to choose the language to use.
New languages are automatically detected by the presence of files with names of the form Messages_<locale>.properties in the ZAP directory.

Minor changes:

Disabled ‘default file’ plugins

The plugins which detect default files are effectively made redundant by the new brute force scanner.
These have therefore been disabled.

Scanner summaries

Counts of the number and types of the current scans are now displayed in the footer.

See also

Introduction the introduction to ZAP
Releases the full set of releases
Credits the people and groups who have made this release possible