|
OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers. It is one of the most active OWASP projects〔(【引用サイトリンク】title=Open Web Application Security Project (OWASP) )〕 and has been given Flagship status.〔(【引用サイトリンク】title=OWASP Project Inventory )〕 It is also fully internationalized and is being translated into over 25 languages.〔(【引用サイトリンク】title=OWASP ZAP )〕 When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using https. It can also run in a ‘daemon’ mode which is then controlled via a REST Application programming interface. This cross-platform tool is written in Java and is available in all of the popular operating systems including Microsoft Windows, Linux and Mac OS X. ZAP was added to the ThoughtWorks Technology Radar in May 2015 in the Trial ring. ==Features== Some of the built in features include: Intercepting proxy server, Traditional and AJAX Web crawlers, Automated scanner, Passive scanner, Forced browsing, Fuzzer, WebSocket support, Scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「OWASP ZAP」の詳細全文を読む スポンサード リンク
|