Third Party Products and Services which use or integrate with ZAP.
Note that these are not endorsed by either OWASP or the ZAP team.
Services (supportive)
Services that use ZAP, and either support ZAP or are open source.
![]() |
Commercial | ZAP Platinum Supporter |
![]() |
Commercial | ZAP Silver Supporter |
![]() |
Commercial | ZAP Silver Supporter |
![]() |
Commercial, free community edition | ZAP Silver Supporter |
HostedScan | Commercial, free option | ZAP Bronze Supporter |
Intruder | Commercial | ZAP Bronze Supporter |
IOTHREAT | Commercial | ZAP Bronze Supporter |
StackHawk | Commercial, free option | ZAP Bronze Supporter |
SecureCodeBox | Free, open source | OWASP Tool |
ArcherySec | Free, open source | |
DAST Operator | Free, open source | |
Ostorlab | Free, open source | |
Rekono | Free, open source | |
RedHat RapiDAST | Free, open source | |
SecHub | Free, open source | |
PurpleTeam-Labs | Commercial, free option, open source | OWASP Tool |
Alertflex | Commercial, free community edition, open source | |
BDD Security | Free, open source | No longer maintained? |
Microsoft RAFT | Free, open source | No longer maintained |
Seccubus | Free, open source | No longer maintained? |
Integrations
Products and services that can import ZAP results.
ThreadFix | Commercial | ZAP Bronze Supporter |
DefectDojo | Free, open source | OWASP Tool |
Dradis | Open source community edition | |
Faraday | Open source community edition | |
Sn1per | Open source community edition | |
AppSec Phoenix | Commercial, free option | |
Uleska | Commercial, free option | |
ArmorCode | Commercial | |
Edgescan | Commercial | |
Kondukto | Commercial | |
PlexTrac | Commercial | |
Sn1per Pro | Commercial | |
Strobes Security | Commercial | |
Virtuoso | Commercial |
Training
ZAP related training courses.
The XSS Rat | Fully FREE @OWASP ZAP Course | |
AppSec Engineer | DAST Automation with OWASP ZAP | |
Coursera | Web Application Security Testing with OWASP ZAP | |
Cycubix | Web Application Security Essentials | |
Cybrary | OWASP ZAP Tool | |
Eduonix | PenTesting with OWASP ZAP: mastery course | |
Everable | Automated DAST in CI/CD using OWASP ZAP | |
Pluralsight | ZAP Getting Started Course | |
Pluralsight | Automate Web Application Scans with OWASP ZAP and Python | |
Pluralsight | Writing Custom Scripts for OWASP Zed Attack Proxy | |
TCM Security | Practical Web Application Security Testing | |
Udemy | OWASP ZAP From Scratch |
Books
Books that significantly feature ZAP.
Amazon.com | Zed Attack Proxy Cookbook | |
Amazon.co.jp | OWASP ZAP: GitHub Actions |
Services (unsupportive)
Services that use ZAP, but are closed source and do not support ZAP in any way. If you use these services please ask the companies behind them how they plan to support ZAP!
Cyber Tzar | Commercial, free option | |
Idyllum | Commercial, free option | |
Levo.ai | Commercial, free option | |
PatrOwl | Commercial, free for open source projects | |
Probely | Commercial, free option | |
Sken.ai | Commercial, free option | |
Blacklock | Commercial | |
Checkmarx DAST | Commercial | |
GitLab | Commercial | |
Forward Security | Commercial | |
NamicSoft | Commercial | |
Nucleus | Commercial | |
Scan Factory | Commercial | |
Traceable | Commercial |