OWASP Scanner

What is the OWASP Zap Passive Vulnerability Scanner?

OWASP ZAP, also known as Zed Attack Proxy enables software developers and testers to perform vulnerability testing on their web applications to find vulnerabilities and thwart hostile attacks. It is now one of the Open Web Application Security Project (OWASP) projects with the highest number of searches. A group of volunteers maintains it from around the world.

Hosted ZAP


Hosted OWASP ZAP. Nothing to install. Start your first scan website vulnerability scan in minutes with these three easy steps

  • Click the Get Started button and sign up for a free account. No card required.
  • Add and verify your domain.
  • Add your site to your verified domain and initiate your first scan.
Free for two sites on a daily scan schedule. Additional charges apply for on-demand scanning.


This DAST (Dynamic Application Security Testing) tool is designed to be used by web developers and web application vulnerabiity testers. Domain verification is required before launching a passive website security scan with this tool. The free vulnerability scanning plan allows up to two website to each be scanned once in a 24 hour period. No credit card is required for the free plan.