InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →
ZAP Alternatives
Similar projects and alternatives to ZAP
-
-
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
-
masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
-
-
-
prowler
Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
-
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
-
-
-
-
-
awesome-dva
A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a better ZAP alternative or higher similarity.
ZAP discussion
ZAP reviews and mentions
Posts with mentions or reviews of ZAP.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2025-04-29.
-
Fortifying Cloud-Native Applications: Key Security Measures
OWASP ZAP: A powerful web application scanner that detects vulnerabilities attackers could exploit—like having a friendly ethical hacker on your team.
- Show HN: Kate's App
-
Final Testing, Going Live, and Summary (Nerd Streetwear Online Store) Part IV
Tools: Conduct a security audit using tools like OWASP ZAP to identify vulnerabilities.
-
A few tools for pentest remediation
Here are a few tools you can use: https://www.zaproxy.org/ (Web app scanner) https://www.ssllabs.com/ssltest/analyze.html?d=importer.bilendo.de (SSL server test) https://github.com/santoru/shcheck (Security Header Check) https://observatory.mozilla.org/ (Content Security Policy validator)
-
Top 11 DevOps Security Tools
4. ZAP
-
AppSec: The Security Specialty That Rules Them All
ZAP (https://www.zaproxy.org/)
- Zap: The Open-Source Security Testing Tool for Web Applications
-
Top 5 Techniques to Protect Web Apps from Unauthorized JavaScript Execution
Use tools like OWASP ZAP or Burp Suite to scan for known vulnerabilities. Automated scans provide a quick way to identify common security issues.
-
Automated ways to security audit your website
There are many tools available for this, e.g. Burp Suite, ZAP, etc. We've evaluated a few and found Probely to be the most comprehensive. They have a trial, so your first few scans will be free. After each scan, you will get a report that includes a list of all findings and a recommendation on how to fix them. You will also get a PCI-DSS and OWASP compliance report.
-
API Security Fundamentals: Key Practices for Developers
Overview: [ZAP](https://www.zaproxy.org/ is a popular open-source tool for detecting security vulnerabilities in web applications.
-
A note from our sponsor - InfluxDB
www.influxdata.com | 19 May 2025
Stats
Basic ZAP repo stats
71
13,602
9.3
4 days ago
zaproxy/zaproxy is an open source project licensed under Apache License 2.0 which is an OSI approved license.
ZAP is marked as "self-hosted". This means that it can be used as a standalone application on its own.
The primary programming language of ZAP is Java.
Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com