Published on April 27th, 2015 | by MaxiSoler0
OWASP ZAP v2.4.0 Released
OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
Advanced fuzzing: A completely new fuzzing dialog has been introduced that allows multiple injection points to be attacked at the same time.
This supports new attack payloads, including the option to use scripts for generating the payloads, as well as pre- and post-attack manipulation and analysis.
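As an added example (not code from the release or the ZAP project), here is what a script-driven payload generator for the new fuzzer can look like. It assumes ZAP's payload generator script interface is the set of functions getNumberOfPayloads(), hasNext(), next(), reset() and close(), as in ZAP's own script template; check the template shipped with your ZAP version before relying on those names. The payload list itself is constructed for the example.

```javascript
// Added example: a ZAP "payload generator" script for the fuzzer.
// ASSUMPTION: the generator interface is getNumberOfPayloads(), hasNext(),
// next(), reset() and close(), matching ZAP's payload generator template.
// Written in ES5 so it runs in the Java-embedded JavaScript engine ZAP uses.
//
// Purpose (testing your own application): strings whose lengths sit on
// common field/buffer boundaries, to check that length limits are enforced
// consistently at every injection point selected in the fuzz dialog.

var BOUNDARIES = [0, 1, 255, 256, 1024]; // constructed list of lengths to exercise
var FILL = 'A';                          // filler character for each payload
var index = 0;                           // position of the next payload

// Build a payload of exactly `length` filler characters.
function makePayload(length) {
  var s = '';
  for (var i = 0; i < length; i++) {
    s += FILL;
  }
  return s;
}

// --- interface assumed to be called by the ZAP fuzzer ---
function getNumberOfPayloads() { return BOUNDARIES.length; }
function hasNext()             { return index < BOUNDARIES.length; }
function next()                { return makePayload(BOUNDARIES[index++]); }
function reset()               { index = 0; }
function close()               { /* nothing to release */ }

// Helper for checking the generator outside ZAP: drain it and report the
// length of every payload it produced, leaving the generator reset.
function allPayloadLengths() {
  reset();
  var lengths = [];
  while (hasNext()) {
    lengths.push(next().length);
  }
  reset();
  return lengths;
}
```

Save it under ZAP's script tree as a payload generator script and select it as a payload source in the fuzz dialog; the same script is then applied to every injection point you marked.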
These provide easy access to all of the most common options and optionally a wide range of advanced options.
Scan policies define exactly which rules are run as part of an Active Scan.
They also define how these rules run, influencing how many requests are made and how likely potential issues are to be flagged.
Unused tabs hidden: By default only the essential tabs are now shown when ZAP starts up.
The remaining tabs are revealed when they are used (e.g. for the spider and active scanner) or when you display them via the special tab on the far right of each window with the green ‘+’ icon. This special tab disappears if there are no hidden tabs.
Tabs can be closed via a small ‘x’ icon which is shown when the tab is selected.
Tabs can also be ‘pinned’ using a small ‘pin’ icon that is also shown when the tab is selected – pinned tabs will be shown when ZAP next starts up.
Enablers for Sequence scanning add-on: A new optional ‘alpha’ quality add-on adds the ability to scan ‘sequences’ of web pages, in other words, pages that must be visited in a strict order to work correctly.
Enablers for access control testing add-on: A new optional ‘alpha’ quality add-on adds the ability to automate many aspects of access control testing.
Note for API Users: Please be aware that the Plugin ID for the External Redirect scanner has changed from 30000 to 20019.
Full Changelog: here