OWASP ZAP
Featured · Open Source
Free open-source web application security scanner with active scanning and fuzzing.
| Category | Bug Bounty & Offensive Security |
|---|---|
| Pricing | Free/OSS |
| Rating | ★★★★ 4.5 / 5 |
| License | Open Source |
Detailed Review
OWASP ZAP is the world's most popular free web application security scanner. It acts as a man-in-the-middle proxy for intercepting and modifying traffic. Features include automated active and passive scanning, spidering, fuzzing, WebSocket support, AJAX crawling, and a scripting engine. It is excellent for CI/CD integration via its API and GitHub Actions, and ideal for developers testing their own apps and for DevSecOps pipelines. It is free and open source, with hundreds of community add-ons.