OWASP ZAP 2.14.0 Released – What’s New!


OWASP ZAP is a free and open-source web application security scanner. It is designed for expert penetration testers as well as people who are new to application security.

It has received Flagship status and has been one of the most active Open Web Application Security Project initiatives.

ZAP 2.14.0 is now available, adding support for Host Header Manipulation, ZAPit, API File Transfers, Graal JS Add-on Access, Postman collections, SBOMs, and more.



What’s New in ZAP 2.14.0?

In this updated version, ZAP now supports manipulating Host headers. There is a new “Update Host Header” button on the Break, Manual Request, and Requester dialogs. It is enabled by default to maintain backward compatibility.

A new -zapit command line option is also included in this version to execute a quick ‘reconnaissance’ scan of the provided URL.

API file transfers can now be used to upload files to, and download files from, ZAP. As a safety precaution, this feature is disabled by default.

Anyone running Java 15+ has had to rely on the Graal JS add-on for JavaScript support since Oracle removed the Nashorn JavaScript engine from Java 15.

Unfortunately, it could not access add-on classes because of classloader problems. Now that these have been fixed, Graal JS is the recommended JavaScript engine for ZAP.

For the ZAP core and any add-on the ZAP team maintains, ZAP provides a runtime Software Bill of Materials (SBOM) produced by CycloneDX.
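A runtime SBOM is only useful if something consumes it. As an added example (not ZAP project code), the script below parses a CycloneDX JSON document and checks the listed libraries against the minimum versions named in this release. The SBOM it reads is a constructed sample; the component names and groups in it (commons-lang3, flatlaf, rsyntaxtextarea) are assumptions about how those libraries would appear in a Maven-style purl, and the sample deliberately carries an outdated Flatlaf so the check has something to report.

```python
"""Check a CycloneDX runtime SBOM against minimum library versions.

Added example, not ZAP project code. The SBOM below is a constructed
CycloneDX 1.5 JSON sample, not one exported from a real ZAP instance.
"""
import json
import re

# Constructed sample SBOM. Component names/groups are assumptions about
# how these libraries would appear in a Maven-style purl.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "org.apache.commons", "name": "commons-lang3",
         "version": "3.13.0",
         "purl": "pkg:maven/org.apache.commons/commons-lang3@3.13.0"},
        {"type": "library", "group": "com.formdev", "name": "flatlaf",
         "version": "3.1.1",  # deliberately older than the release's 3.2.1
         "purl": "pkg:maven/com.formdev/flatlaf@3.1.1"},
        {"type": "library", "group": "com.fifesoft", "name": "rsyntaxtextarea",
         "version": "3.3.4",
         "purl": "pkg:maven/com.fifesoft/rsyntaxtextarea@3.3.4"},
    ],
})

# Minimum versions taken from the dependency updates listed on this page.
MINIMUM_VERSIONS = {
    "commons-lang3": "3.13.0",
    "flatlaf": "3.2.1",
    "rsyntaxtextarea": "3.3.4",
}


def parse_version(version):
    """Turn '3.13.0' into (3, 13, 0); any non-numeric piece counts as 0."""
    parts = []
    for piece in re.split(r"[.\-]", version):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def version_at_least(actual, minimum):
    """Compare two dotted versions after zero-padding to equal length."""
    a, m = list(parse_version(actual)), list(parse_version(minimum))
    width = max(len(a), len(m))
    a += [0] * (width - len(a))
    m += [0] * (width - len(m))
    return tuple(a) >= tuple(m)


def load_components(sbom_json):
    """Return {name: version} for every library component in the BOM."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {
        comp["name"]: comp.get("version", "")
        for comp in bom.get("components", [])
        if comp.get("type") == "library" and "name" in comp
    }


def check_minimums(sbom_json, minimums=MINIMUM_VERSIONS):
    """Return (name, found_version, minimum, status) for each failing library."""
    components = load_components(sbom_json)
    findings = []
    for name, minimum in minimums.items():
        if name not in components:
            findings.append((name, None, minimum, "missing"))
        elif not version_at_least(components[name], minimum):
            findings.append((name, components[name], minimum, "outdated"))
    return findings


if __name__ == "__main__":
    for name, found, minimum, status in check_minimums(SAMPLE_SBOM):
        print(f"{status}: {name} found={found} required>={minimum}")
```

Point the loader at the SBOM your ZAP build exports instead of `SAMPLE_SBOM` and the same check becomes a quick gate in a CI job that packages ZAP with add-ons.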

The ZAP browser extensions now ship under the new Client Side Integration add-on, which supports:

  • Browser Recording
  • Streaming client-side events to ZAP

The release also includes dependency updates. The following libraries were updated:

  • Commons Lang, 3.12.0 → 3.13.0
  • Flatlaf 3.1.1 → 3.2.1
  • RSyntaxTextArea, 3.3.3 → 3.3.4

The following library was added:

New Add-Ons:

Postman, which allows you to import Postman collections through the UI. Importing via the API and command line is in progress.

A complete list of enhancements and fixes can be found here.
