The OWASP ZAP core project (by zaproxy)

Zed Alternatives

Similar projects and alternatives to Zed

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better Zed alternative or higher similarity.

Zed reviews and mentions

Posts with mentions or reviews of Zed. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-02-24.
  • Cyber Security for developers: what and where to learn?
    2 projects | reddit.com/r/ExperiencedDevs | 24 Feb 2023
    Dynamic Application Security Testing - DAST
  • Pentesting Tools I Use Everyday
    8 projects | dev.to | 7 Feb 2023
    Learn more about ZAP here: https://www.zaproxy.org/
  • CSPM opensource suggestions
    9 projects | reddit.com/r/cloudsecurity | 15 Jan 2023
  • Mapping your AWS attack surface
    5 projects | dev.to | 26 Dec 2022
    Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.
  • Help with random values in query string
    2 projects | reddit.com/r/scrapy | 1 Dec 2022
    MITM proxy or ZAP are good at those kinds of tricks
  • How to Become a Pirate Archivist
    2 projects | news.ycombinator.com | 17 Oct 2022
    I'm not in the pirate archivist space, but sections 3 and 5 are relevant to my interests. I've had great luck with ZAP (https://github.com/zaproxy/zaproxy#readme) glued to a copy of Firefox (because it allows monkeying with the _browser_'s proxy without having to alter the system one as other browsers do) for archiving all content seen while surfing around a site. It even achieves the stated goal of preserving the HTML (etc) in a database since ZAP uses hsqldb

    Then, section 5 reads like an advertisement for Scrapy since it is just stellar at following all pagination links and then either emitting the extracted payload as your own data structure and/or by telling Scrapy you want to download some media as-is. It will, by default, put the local content in a directory of your choice and hash the url to make the local filename. A separate json file serves as the "accounting" between the things it downloaded and their hashed on-disk filename

    Scrapy is also able to glue 3 and 5 together because it has a pluggable (everything, heh) dupe detection hook and also HTTP cache support that can be backed by anything, including the aforementioned hsqldb operating in network mode. Scrapy is also very test friendly, since each method accepts a well known python object and emits either a follow-on request, zero or more extracted objects, or nothing if pagination has ended

    I can appreciate there may be other scraping frameworks, but of the ones I've tried Scrapy makes everything that I've asked it to do simple and transparent

  • Boss hired a new advisor, and his first demand is "RESTful APIs should not response HTTP status code".
    2 projects | reddit.com/r/cybersecurity | 12 Jul 2022
    My suggestion would be to follow the OWASP guides or present them to management since they are an industry standard. Furthermore, in preparation for pentesting you can instruct your QAs to run through the ASVS controls and run OWASP ZAP to mitigate existing issues. Security and best-practice checks could also be enforced on pull request reviews (there's a ton of software like snyk or blackduck which can be automated per branch/pr etc)
  • Get or extract download URL from a client?
    2 projects | reddit.com/r/hacking | 2 Jul 2022
    OWASP ZAP is a good alternative https://www.zaproxy.org/
  • What small changes did you implement for your users that really helped them out in their day to day work?
    4 projects | reddit.com/r/sysadmin | 28 May 2022
    webapp security auditing,
  • Writing a TLS capable http proxy in Rust using actix-web
    3 projects | reddit.com/r/rust | 13 May 2022
    I'm trying to write an HTTP interception proxy similar to what's found in Burp Suite or Zap that allows users to intercept HTTP requests sent by their browser. I have found an example using actix-web which can handle non-TLS requests and I'm trying to modify it to support TLS.

