Documentation

Guides

Getting Started Guide - a good place to start if you are new to ZAP

Getting Further Guides - in depth guides covering different ways you can use ZAP

Desktop User Guide - the help included with the ZAP desktop application

ZAP Developer Guide - ZAP documentation for developers

Contributing Guide - lots more details on how you can get involved

FAQ - Frequently Asked Questions

ZAPping the OWASP Top 10 (2021) - a guide mapping Top 10 items to ZAP functionality that can assist IT security personnel

In Depth Features

Automate - the various options for automating ZAP

Authentication Decision Tree - the best place to start if you need ZAP to authenticate to your app

Docker - detailed information on ZAP's Docker images

Burp to ZAP Feature Map - a mapping from Burp Suite features to their ZAP equivalents

Statistics - public ZAP usage statistics

Software Bill of Materials - ZAP add-on SBOMs

Internal Details

Alert Details - detailed information on the alerts ZAP can raise

Constants - defined in the ZAP codebase that are exposed via the API and/or scripts

Internal Events - detailed information on the internal events ZAP publishes

Internal Statistics - detailed information on the internal statistics ZAP maintains

Test Scans - the results of running ZAP vs well known deliberately vulnerable apps