Web应用程序漏洞挖掘代理 - ZAProxy
2011-09-20 16:59
246 查看
Zed Attack Proxy (ZAP)是一个易于使用交互式的用于web应用程序漏洞挖掘的渗透测试工具。ZAP即可以用于安全专家、开发人员、功能测试任何甚至是渗透测试入门人员。ZAP除了提供了自动扫描工具还提供了一些用于手动挖掘安全漏洞的工具。目前ZAP更新之1.3.2版,新版本主要改变如下:
* Issue 53 : Scan Policy configuration bug
* Issue 62 : The “Export all urls to File” does not seem to work
* Issue 87 : SSL not working with Dynamic SSL Certificate generator (with Chrome on Mac OS)
* Issue 95 : NullPointerException when dropping requests in proxy
* Issue 106 : Cannot display HTTP gzipped contents
* Issue 107 : The last intercepted request/response remains in the Break window
* Issue 131 : Right click on Mac without mouse doesn’t work
* Issue 138 : Broken end of stream detection causes endless loop and threads not ending
* Issue 143 : Help button: Options –> Language
* Issue 145 : Crash at start up
* Issue 147 : Session save and request/response data
* Issue 151 : Incorrect language used by ZAP
* Issue 152 : Check for updates not working
工具下载:http://code.google.com/p/zaproxy/downloads/list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional
testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
* Issue 53 : Scan Policy configuration bug
* Issue 62 : The “Export all urls to File” does not seem to work
* Issue 87 : SSL not working with Dynamic SSL Certificate generator (with Chrome on Mac OS)
* Issue 95 : NullPointerException when dropping requests in proxy
* Issue 106 : Cannot display HTTP gzipped contents
* Issue 107 : The last intercepted request/response remains in the Break window
* Issue 131 : Right click on Mac without mouse doesn’t work
* Issue 138 : Broken end of stream detection causes endless loop and threads not ending
* Issue 143 : Help button: Options –> Language
* Issue 145 : Crash at start up
* Issue 147 : Session save and request/response data
* Issue 151 : Incorrect language used by ZAP
* Issue 152 : Check for updates not working
工具下载:http://code.google.com/p/zaproxy/downloads/list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional
testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
相关文章推荐
- WEB漏洞检测与挖掘
- 测试Web应用程序是否存在跨站点脚本漏洞
- WEB漏洞挖掘技术
- 提高 Ajax 应用程序性能,避开 Web 服务漏洞
- Grep与web漏洞挖掘
- WEB漏洞挖掘技术
- [ZT]提高 Ajax 应用程序性能,避开 Web 服务漏洞
- 测试 Web 应用程序是否存在跨站点脚本漏洞
- Web 应用程序常见漏洞 CSRF 的入侵检测与防范
- Web漏洞挖掘
- Java 理论与实践: 有状态 Web 应用程序都有漏洞吗?
- WebAssembly,可以作为任何编程语言的编译目标,使应用程序可以运行在浏览器或其它代理中——浏览器里运行其他语言的程序?
- Grep与web漏洞挖掘
- WEB漏洞挖掘技术
- WEB漏洞挖掘技术总结
- 全面分析Web应用程序安全漏洞——《黑客攻防技术宝典:web实战篇》
- WEB手动漏洞挖掘-SQL盲注(DVWA实战)
- 浅谈web漏洞挖掘—特殊变量fuzz
- Java 理论与实践:有状态 Web 应用程序都有漏洞吗?
- 全面分析Web应用程序安全漏洞——《黑客攻防技术宝典:web实战篇》