OWASP ZAProxy v1.3.4 Released
OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
Changelog v1.3.4
Minor changes:
- Issue 146 : Inverse regex on search plus fuzz match highlighting
- Issue 202 : Option to turn off brute force recursion
- Issue 215 : Allow custom brute force files to be added easily
- Also added the ability to set the default brute force file.
- Issue 217 : Invoke apps – add support for cookies and post data params
- Issue 218 : Allow users to easily add their own fuzzer files
- Also added the option to append the output to a Note related to the relevant entry.
Bug fixes:
- Issue 56 : Disable POST reqs in Spider
- Issue 186 : Connection Options – Prompt for proxy credentials on start up / Address validation not empty
- Issue 188 : Problem upgrading ZAP on linux and Windows
- Issue 191 : Exception when the URL contains escaped characters
- Issue 196 : Multiple dialogs of the same option, opened simultaneously, do not work properly.
- Issue 199 : Vulnerabilities with texts truncated
- Issue 204 : Search on headers only finds regex in requests
- Issue 206 : Exception in “Alerts” tab when choosing a popup option
- Issue 214 : No alert message when saving report in a read only location
- Issue 216 : Exception when an URI doesn’t have the path component
- Issue 219 : Break and ignore urls by default include GET/POST
- Issue 220 : Incorrect message: Password (stored in clear text)
Download OWASP ZAProxy v1.3.4