OWASP Zed Attack Proxy (ZAP)

An easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Changelog v1.3.4

Minor changes:

  • Issue 146 : Inverse regex on search plus fuzz match highlighting
  • Issue 202 : Option to turn off brute force recursion
  • Issue 215 : Allow custom brute force files to be added easily
      • Also added the ability to set the default brute force file.
  • Issue 217 : Invoke apps – add support for cookies and post data params
  • Issue 218 : Allow users to easily add their own fuzzer files
  • Also added the option to append the output to a Note related to the relevant entry.

 

Bug fixes:

  • Issue 56 : Disable POST reqs in Spider
  • Issue 186 : Connection Options – Prompt for proxy credentials on start up / Address validation not empty
  • Issue 188 : Problem upgrading ZAP on linux and Windows
  • Issue 191 : Exception when the URL contains escaped characters
  • Issue 196 : Multiple dialogs of the same option, opened simultaneously, do not work properly.
  • Issue 199 : Vulnerabilities with texts truncated
  • Issue 204 : Search on headers only finds regex in requests
  • Issue 206 : Exception in “Alerts” tab when choosing a popup option
  • Issue 214 : No alert message when saving report in a read only location
  • Issue 216 : Exception when an URI doesn’t have the path component
  • Issue 219 : Break and ignore urls by default include GET/POST
  • Issue 220 : Incorrect message: Password (stored in clear text)

Download OWASP ZAProxy v1.3.4

 
