Third Party Products and Services which use or integrate with ZAP.
Note that these are not endorsed by the ZAP team.
Services (Supportive)
Services that use ZAP, and have either supported ZAP or are open source.
Jit | Commercial | ZAP Supporter |
SOOS | Commercial | ZAP Supporter |
Astra | Commercial | ZAP Supporter |
DeepFactor | Commercial, free community edition | ZAP Supporter |
Tecvity | Software Services Provider | ZAP Supporter |
HostedScan | Commercial, free option | ZAP Supporter |
Intruder | Commercial | ZAP Supporter |
IOTHREAT | Commercial | ZAP Supporter |
Probely | Commercial, free option | ZAP Supporter |
StackHawk | Commercial, free option | ZAP Supporter |
SecureCodeBox | Free, open source | OWASP Tool |
ArcherySec | Free, open source | |
DAST Operator | Free, open source | |
Ostorlab | Free, open source | |
Rekono | Free, open source | |
RedHat RapiDAST | Free, open source | |
SecHub | Free, open source | |
PurpleTeam-Labs | Commercial, free option, open source | OWASP Tool |
Alertflex | Commercial, free community edition, open source | |
BDD Security | Free, open source | No longer maintained? |
Microsoft RAFT | Free, open source | No longer maintained |
Seccubus | Free, open source | No longer maintained? |
Integrations
Products and services that can import ZAP results.
ThreadFix | Commercial | ZAP Supporter |
DefectDojo | Free, open source | OWASP Tool |
Dradis | Open source community edition | |
Faraday | Open source community edition | |
Sn1per | Open source community edition | |
AppSec Phoenix | Commercial, free option | |
Harness | Commercial, free option | |
Uleska | Commercial, free option | |
ArmorCode | Commercial | |
Edgescan | Commercial | |
Kondukto | Commercial | |
Nucleus | Commercial | |
PlexTrac | Commercial | |
Riscosity | Commercial | |
Sn1per Pro | Commercial | |
Strobes Security | Commercial | |
Virtuoso | Commercial | |
Lombiq UI Testing Toolbox for Orchard Core | Free, open source | UI testing library for the ASP.NET Core web CMS and framework Orchard Core (https://orchardcore.net/) |
Training
ZAP related training courses.
The XSS Rat | Fully FREE @OWASP ZAP Course | |
AppSec Engineer | DAST Automation with OWASP ZAP | |
Coursera | Web Application Security Testing with OWASP ZAP | |
Cycubix | Web Application Security Essentials | |
Cybrary | OWASP ZAP Tool | |
Eduonix | PenTesting with OWASP ZAP: mastery course | |
Everable | Automated DAST in CI/CD using OWASP ZAP | |
Pluralsight | ZAP Getting Started Course | |
Pluralsight | Automate Web Application Scans with OWASP ZAP and Python | |
Pluralsight | Writing Custom Scripts for OWASP Zed Attack Proxy | |
TCM Security | Practical Web Application Security Testing | |
Udemy | OWASP ZAP From Scratch |
Books
Books that significantly feature ZAP.
Amazon.com | Zed Attack Proxy Cookbook | |
Amazon.co.jp | OWASP ZAP: GitHub Actions |
Services (Unsupportive)
Services that use ZAP, but are closed source and do not support ZAP in any way. If you use these services please ask the companies behind them how they plan to support the ZAP project!
Aikido | Commercial, free option | |
Cyber Tzar | Commercial, free option | |
Idyllum | Commercial, free option | |
Levo.ai | Commercial, free option | |
PatrOwl | Commercial, free for open source projects | |
Sken.ai | Commercial, free option | |
Blacklock | Commercial | |
Checkmarx DAST | Commercial | |
GitLab | Commercial | |
Forward Security | Commercial | |
NamicSoft | Commercial | |
Scan Factory | Commercial | |
Traceable | Commercial |