The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration
testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and
as such is ideal for developers and functional testers who are new to
penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find
security vulnerabilities manually.
