ZAP (Zed Attack Proxy) is a free and simple to use penetration test tool designed to be used to make web applications more secure.While ZAP can detect some security issues automatically, it is primarily designed to help you find security vulnerabilities manually.Unlike some security tools ZAP is designed to be used by people with a wide range of security experience.As such, ZAP is suitable for developers and functional testers who a new to penetration testing.WARNING: You should NOT use ZAP on web applications that you do not have permission to test.
Here are some key features of "ZAP":
· Intercepting proxy
· Automated scanner
· Passive scanner