Third Party Products and Services which use or integrate with ZAP.
Note that these are not endorsed by the ZAP team.
Services (Supportive)
These companies use ZAP, and do the right thing by paying for a Support Package - these will help us become sustainable.If you are interested in a commercial product based on ZAP then please check them out.
NightVision | Commercial | ZAP Supporter |
SOOS | Commercial | ZAP Supporter |
Services (Unsupportive)
These companies use ZAP but do not currently support us in any way (except where noted).If you already use one of these services then please encourage them to support us financially.
If you are looking for commercial DAST solution then please first consider one of the companies that support us financially, listed above.
Astra | Commercial | Limited GitHub sponsorship |
HostedScan | Commercial, free option | Limited GitHub sponsorship |
Tecvity | Software Services Provider | Ongoing code contributions |
Aikido | Commercial, free option | |
Blacklock | Commercial | |
Checkmarx DAST | Commercial | |
Cyber Tzar | Commercial, free option | |
DeepFactor | Commercial, free community edition | |
Idyllum | Commercial, free option | |
Forward Security | Commercial | |
Intruder | Commercial | |
IOTHREAT | Commercial | |
Probely | Commercial, free option | |
Jit | Commercial | |
Levo.ai | Commercial, free option | |
NamicSoft | Commercial | |
PatrOwl | Commercial, free for open source projects | |
Scan Factory | Commercial | |
Sken.ai | Commercial, free option | |
StackHawk | Commercial, free option | |
Traceable | Commercial |
Open Source Services
Open Source projects which use ZAP.SecureCodeBox | Free, open source | OWASP Tool |
ArcherySec | Free, open source | |
DAST Operator | Free, open source | |
Ostorlab | Free, open source | |
Rekono | Free, open source | |
RedHat RapiDAST | Free, open source | |
SecHub | Free, open source | |
PurpleTeam-Labs | Commercial, free option, open source | OWASP Tool |
Alertflex | Commercial, free community edition, open source | |
BDD Security | Free, open source | No longer maintained? |
Microsoft RAFT | Free, open source | No longer maintained |
Seccubus | Free, open source | No longer maintained? |
Integrations
Products and services that can import ZAP results.
DefectDojo | Free, open source | OWASP Tool |
Dradis | Open source community edition | |
Faraday | Open source community edition | |
Sn1per | Open source community edition | |
AppSec Phoenix | Commercial, free option | |
Harness | Commercial, free option | |
Uleska | Commercial, free option | |
ArmorCode | Commercial | |
Edgescan | Commercial | |
Kondukto | Commercial | |
Nucleus | Commercial | |
PlexTrac | Commercial | |
Riscosity | Commercial | |
Sn1per Pro | Commercial | |
Strobes Security | Commercial | |
ThreadFix | Commercial | |
Virtuoso | Commercial | |
Lombiq UI Testing Toolbox for Orchard Core | Free, open source | UI testing library for the ASP.NET Core web CMS and framework Orchard Core (https://orchardcore.net/) |
Training
ZAP related training courses.
The XSS Rat | Fully FREE @OWASP ZAP Course | |
AppSec Engineer | DAST Automation with OWASP ZAP | |
Coursera | Web Application Security Testing with OWASP ZAP | |
Cycubix | Web Application Security Essentials | |
Cybrary | OWASP ZAP Tool | |
Eduonix | PenTesting with OWASP ZAP: mastery course | |
Everable | Automated DAST in CI/CD using OWASP ZAP | |
Pluralsight | ZAP Getting Started Course | |
Pluralsight | Automate Web Application Scans with OWASP ZAP and Python | |
Pluralsight | Writing Custom Scripts for OWASP Zed Attack Proxy | |
TCM Security | Practical Web Application Security Testing | |
Udemy | OWASP ZAP From Scratch |
Books
Books that significantly feature ZAP.
Amazon.com | Zed Attack Proxy Cookbook | |
Amazon.co.jp | OWASP ZAP: GitHub Actions |