The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
The current version of ZAP is 1.0.0 and it can be downloaded from the Google Code page.
Some of ZAP's features:
* Intercepting proxy
* Automated scanner
* Passive scanner
Some of ZAP's characteristics:
* Easy to install (just requires java 1.6)
* Ease of use a priority
* Comprehensive help pages
* Under active development
* Open source
* Free (no paid for 'Pro' version)
* Cross platform
* Involvement actively encouraged
ZAP is a fork of the well regarded Paros Proxy.
You can download ZAP v1.0 here: