Welcome to the Zed Attack Proxy (ZAP) Desktop User Guide.
This is available both as context sensitive help within ZAP and online at https://www.zaproxy.org/docs/desktop/
ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
ZAP can also be run in a completely automated way - see the ZAP website for more details.
If you are new to ZAP then its recommended that you look at the Getting Started section.
ZAP is a fork of the open source variant of the Paros Proxy.
| Getting Started | for details of how to start using ZAP | |
| Features | for details of various features provided by ZAP | |
| UI Overview | for an overview of the User Interface | |
| Command Line | for the command line options available | |
| Releases | for details of the changes made in ZAP releases | |
| Credits | for the list of people who have contributed to ZAP |
| Main ZAP website | |
| Wikipedia entry for proxies |
| https://www.zaproxy.org/videos/ An ever growing collection of ZAP videos |