MASTG-TOOL-0079: ZAP

ZAP (Zed Attack Proxy) is a free security tool which helps to automatically find security vulnerabilities in web applications and web services.

Techniques

MASTG-TECH-0011: Setting Up an Interception Proxy MASTG-TECH-0120: Intercepting HTTP Traffic Using an Interception Proxy MASTG-TECH-0121: Intercepting Non-HTTP Traffic Using an Interception Proxy

Tests

MASTG-TEST-0004: Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services MASTG-TEST-0206: Undeclared PII in Network Traffic Capture MASTG-TEST-0019: Testing Data Encryption on the Network MASTG-TEST-0236: Cleartext Traffic Observed on the Network MASTG-TEST-0054: Determining Whether Sensitive Data Is Shared with Third Parties MASTG-TEST-0065: Testing Data Encryption on the Network