OWASP ZAP v2.4.0 Released

OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Changelog v2.4.0

Significant changes:

Attack mode: A new ‘ATTACK’ Mode has been added – new nodes that are in Scope are actively scanned as soon as they are discovered.

Advanced fuzzing: A completely new fuzzing dialog has been introduced that allows multiple injection points to be attacked at the same time.

This supports new attack payloads including the option to use scripts for generating the payloads as well as pre and post attack manipulation and analysis.

Scan dialogs with advanced options: New Active Scan, Spider and AJAX Spider dialogs have replaced the increasing number of right click ‘Attack’ options.

These provide easy access to all of the most common options and optionally a wide range of advanced options.

Scan Policies: A new Scan Policy Manager dialog allows you to create as many Scan Policies as you need.

Scan policies define exactly which rules are run as part of an Active Scan.
They also define how each rule runs (its attack strength and alert threshold), which influences how many requests are made and how readily potential issues are flagged.

Unused tabs hidden: By default only the essential tabs are now shown when ZAP starts up.

The remaining tabs are revealed when they are used (e.g. for the spider and active scanner) or when you display them via the special tab on the far right of each window with the green ‘+’ icon. This special tab disappears if there are no hidden tabs.
Tabs can be closed via a small ‘x’ icon which is shown when the tab is selected.
Tabs can also be ‘pinned’ using a small ‘pin’ icon that is also shown when the tab is selected – pinned tabs will be shown when ZAP next starts up.

Enablers for Sequence scanning add-on: A new optional ‘alpha’ quality add-on adds the ability to scan ‘sequences’ of web pages, in other words pages that must be visited in a strict order to work correctly.

Enablers for access control testing add-on: A new optional ‘alpha’ quality add-on adds the ability to automate many aspects of access control testing.

Note for API Users: Please be aware that the Plugin ID for the External Redirect scanner has changed from 30000 to 20019.


Full Changelog: here

Download OWASP ZAP v2.4.0: https://code.google.com/p/zaproxy/wiki/Downloads?tm=2

MaxiSoler

www.artssec.com @maxisoler