OWASP ZAP is an open-source web security testing tool, used for detecting vulnerabilities in web applications.
ZAP provides you with configured automated scanners as well as a set of tools that allows you to detect vulnerabilities and threats manually. It is designed for people with a wide range of security expertise and is in a way ideal for developers and functional testers who are new to penetration testing and is also a useful to an experienced pen tester’s skillset.
This is a cross-platform tool written in Java, available in all of the operating systems including Microsoft Windows, Linux and Mac OS X.
OWASP ZAP 2.5.0 has four modes: