OWASP ZAP
SAST/DAST dast
Open Source
Open-source web security scanner
Platforms:
linux windows macos
Prerequisites:
java networking
Pros and Cons
Advantages
- + Completely free and open-source
- + Very complete for web testing
- + API for automation
- + Active OWASP community
- + Extensible plugins
Disadvantages
- - Can be slow in full scans
- - Somewhat outdated UI
- - Requires configuration for best results
Use Cases
- Web application pentesting
- DAST in CI/CD
- Bug bounty hunting
- Security assessments