Directory CybersecurityApplication SecurityOWASP ZAP

OWASP ZAP

Open Source

Open source web application security testing and vulnerability scanning tool

About OWASP ZAP

OWASP ZAP (Zed Attack Proxy) is a widely adopted open source security tool designed for automated and manual testing of web applications. It serves security professionals, developers, and QA teams aiming to identify vulnerabilities early in the software development lifecycle. ZAP provides comprehensive dynamic application security testing (DAST) capabilities with an intuitive interface suitable for both novices and experienced testers.

The tool supports automation and integration into CI/CD pipelines, enabling continuous security assessment. Its extensible architecture includes a marketplace of community-contributed add-ons, enhancing functionality to meet diverse security testing needs. As a community-driven project, ZAP emphasizes transparency and collaboration, making it a cost-effective solution for enterprises seeking robust application security without vendor lock-in.

Key Capabilities

✓Dynamic application security testing (DAST)
✓Automated vulnerability scanning
✓Extensible add-on marketplace
✓CI/CD pipeline integration
✓User-friendly interface for all skill levels

Integrations

CI/CD toolsSecurity automation platformsDeveloper IDEs

Other Application Security Vendors

View all

Aikido Security

Unified application security platform from code to runtime with AI-driven automation

Apiiro

Agentic AI-driven platform for proactive application security risk management

Burp Suite

Comprehensive web application security testing and vulnerability scanning.

Checkmarx

Unified AI-powered application security testing and remediation platform

Contrast Security

Advanced runtime application security with AI-driven detection and response

Endor Labs

AI-native application security platform delivering precise, actionable insights.

Related Buyer Guides

Independent evaluation frameworks for this category.

Cloud Access Security Broker (CASB)

Evaluate Netskope, Microsoft Defender for Cloud Apps, Zscaler, and Palo Alto for SaaS security, shadow IT discovery, and data protection.

Cloud Security Posture Management (CSPM)

Evaluate Wiz, Prisma Cloud, Orca Security, and Lacework for cloud misconfiguration detection, compliance monitoring, and attack path analysis.

Data Loss Prevention (DLP)

Compare Symantec DLP, Microsoft Purview DLP, Forcepoint, and Digital Guardian for data classification, exfiltration prevention, and compliance enforcement.

This profile was compiled by CIOPages from public sources with AI assistance, and may be incomplete or out of date. It is informational only and not an endorsement. Represent this vendor? or .

Quick Facts

www.zaproxy.org

CategoryCybersecurity

SubcategoryApplication Security

PricingOpen Source

DeploymentOpen Source

Target SizeEnterprise

Explore

All Cybersecurity vendors Browse Application Security Compare with filters Full vendor directory

A Cybersecurity Capabilities Model Data Privacy & Security AI Governance in Practice