OWASP ZAP
Free open-source web app security scanner
⭐ 4.4/5 (6400 reviews)
About OWASP ZAP
OWASP ZAP (Zed Attack Proxy) is the world's most widely used free, open-source web application security scanner maintained by the OWASP Foundation.
Key Features
- Automated web app scanning
- Intercepting proxy
- Active and passive scanning
- REST API for automation
- Ajax Spider for JS apps
- Marketplace for add-ons
✅ Pros
- Free and open-source
- OWASP maintained
- Good for CI/CD integration
- Active community
❌ Cons
- Slower than commercial scanners
- False positive tuning needed
- UI is dated