Similar projects and alternatives to Zed
Automatic SQL injection and database takeover tool
Fast and customizable vulnerability scanner based on simple YAML based DSL.
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
Simple Encryption in PHP.
Standards compliant HTML filter written in PHP
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Web path scanner
In-depth Attack Surface Mapping and Asset Discovery
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
A Tool for Domain Flyovers
Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
Headless Chrome Node.js API
PHP Secure Communications Library
A tool for secrets management, encryption as a service, and privileged access management
Zed reviews and mentions
Cyber Security for developers: what and where to learn?
2 projects | reddit.com/r/ExperiencedDevs | 24 Feb 2023
Dynamic Application Security Testing - DAST
Pentesting Tools I Use Everyday
8 projects | dev.to | 7 Feb 2023
Learn more about ZAP here: https://www.zaproxy.org/
CSPM opensource suggestions
9 projects | reddit.com/r/cloudsecurity | 15 Jan 2023
Mapping your AWS attack surface
5 projects | dev.to | 26 Dec 2022
Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.
Help with random values in query string
2 projects | reddit.com/r/scrapy | 1 Dec 2022
MITM proxy or ZAP are good at those kinds of tricks
How to Become a Pirate Archivist
2 projects | news.ycombinator.com | 17 Oct 2022
I'm not in the pirate archivist space, but sections 3 and 5 are relevant to my interests. I've had great luck with ZAP (https://github.com/zaproxy/zaproxy#readme) glued to a copy of Firefox (because it allows monkeying with the _browser_'s proxy without having to alter the system one as other browsers do) for archiving all content seen while surfing around a site. It even achieves the stated goal of preserving the HTML (etc) in a database since ZAP uses hsqldb
Then, section 5 reads like an advertisement for Scrapy since it is just stellar at following all pagination links and then either emitting the extracted payload as your own data structure and/or by telling Scrapy you want to download some media as-is. It will, by default, put the local content in a directory of your choice and hash the url to make the local filename. A separate json file serves as the "accounting" between the things it downloaded and their hashed on-disk filename
Scrapy is also able to glue 3 and 5 together because it has a pluggable (everything, heh) dupe detection hook and also HTTP cache support that can be backed by anything, including the aforementioned hsqldb operating in network mode. Scrapy is also very test friendly, since each method accepts a well known python object and emits either a follow-on request, zero or more extracted objects, or nothing if pagination has ended
I can appreciate there may be other scraping frameworks, but of the ones I've tried Scrapy makes everything that I've asked it to do simple and transparent
Boss hired a new advisor, and his first demand is "RESTful APIs should not response HTTP status code".
2 projects | reddit.com/r/cybersecurity | 12 Jul 2022
My suggestion would be to follow the OWASP guides or present them to management since they are an industry standard. Furthermore in preparation for pentesting you can instruct your QAs to run through the ASVS controls and run OWASP ZAP to mitigate existing issues. Security and best-practice checks could also be enforced on pull request reviews (there's a ton of software like snyk or blackduck which can be automated per branch/pr etc)
Get or extract download URL from a client?
2 projects | reddit.com/r/hacking | 2 Jul 2022
OWASP ZAP is a good alternative https://www.zaproxy.org/
What small changes did you implement for your users that really helped them out in their day to day work?
4 projects | reddit.com/r/sysadmin | 28 May 2022
webapp security auditing,
Writing a TLS capable http proxy in Rust using actix-web
3 projects | reddit.com/r/rust | 13 May 2022
I'm trying to write an HTTP interception proxy similar to what's found in Burp Suite or Zap that allows users to intercept HTTP requests sent by their browser. I have found an example using actix-web which can handle non-TLS requests and I'm trying to modify it to support TLS.
zaproxy/zaproxy is an open source project licensed under Apache License 2.0 which is an OSI approved license.