The OWASP Zed Attack Proxy (commonly known as ZAP) is one of the most popular web application security testing tools. It has many features that allow it to be used for manual security testing; it also fits nicely into continuous integration/continuous delivery (CI/CD) environments after some tweaking and configuration.
More details about the project can be found at https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.
Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Read more about OWASP projects and resources at https://www.owasp.org.
OWASP ZAP includes many different tools and features in one package. For a pentester tasked with doing the security testing of web applications, the following...