
Acunetix
Web vulnerability scanner for automated security testing of websites and web apps

Automated web app security scanner for developers and pentesters
ZAP automatically discovers security flaws in web applications during development and testing, offering both automated scanning and manual testing tools for developers and seasoned penetration testers.

ZAP (Zed Attack Proxy) is a free, community‑driven web application security scanner that helps you identify vulnerabilities early in the development lifecycle. It supports automated scans that can be integrated into CI/CD pipelines as well as manual testing features such as an intercepting proxy, making it suitable for both developers and experienced penetration testers.
Built on Java and available as a Docker image, ZAP can be run locally, in containers, or as part of automated test suites. Its extensible architecture allows add‑ons to enhance functionality, while integration tests and live Docker releases simplify continuous security testing. Whether you need quick vulnerability checks or deep manual exploration, ZAP provides a flexible, enterprise‑grade solution without licensing costs.
CI/CD Pipeline Integration: Automatically scan each build and prevent deployment of vulnerable releases
Manual Security Assessment: Use the intercepting proxy to explore application behavior and uncover hidden issues
Docker‑Based Testing Environment: Spin up an isolated ZAP container for repeatable scans in any environment
Security Training: Provide hands‑on experience for developers learning secure coding practices
ZAP scans any web application regardless of the backend language or framework.
Pull the official image and start it with `docker run -u zap -p 8080:8080 owasp/zap2docker-stable`.
Yes, ZAP is released under the Apache‑2.0 license and can be used commercially at no cost.
Yes, ZAP supports add‑ons and scripts to tailor scans and integrate with other tools.
No, ZAP is open source and does not require any licensing fees.