zaproxy

The premium Open Source alternative to Burp Suite Pro

🎯 Best for: Automated security scanning pipelines
14.6k Stars
Apache-2.0 License

What is zaproxy?

A self-hosted alternative to Burp Suite Professional for dynamic application security testing (DAST). It integrates into CI/CD pipelines to automatically detect SQL injection, XSS, and other vulnerabilities.

Tech Stack
Java, Testing & QA

Why zaproxy?

  • Industry standard (OWASP)
  • Powerful scripting (Zest)
  • Headless mode support

Limitations

  • Steep learning curve
  • UI is utilitarian
  • False positives require tuning
Last Update: 1/14/2026
Forks: 2,491
Issues: 850
Financial Leak Detected

Stop the "SaaS Tax"

Your team could be burning cash. Switching to zaproxy instantly boosts your runway.

Competitor Cost: -$1,440 / year (est. based on Burp Suite Pro)
Self-Hosted: $0 / year
Team Size: 10 Users
SAVE 100%
