Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of The Software Security Project (SSP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

At its core, ZAP is what is known as a “man-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.

You can easily create a new Azure VM from this image to get started with ZAP on Windows 2016.

Usage Instructions:

  Refer the article mentioned to get started with ZAP, after opening the ZAP application from location(C:\Program Files\ZAP\Zed Attack Proxy): https://www.zaproxy.org/getting-started/

Easy ZAP on Windows 2016 Support by Azure Experts

 We at Apps4Rent assist you in deploying ZAP on Windows 2016 across different OSes on Azure. Tested by Apps4Rent engineers, ZAP on Windows 2016 is supported by Azure cloud infrastructure. For any issues, our Azure experts are available 24/7 via phone, chat, and email. Contact us today!

Key Features of ZAP:

• Open source
• Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets.
• Add-ons
• Alerts: An alert is a potential vulnerability and is associated with a specific request.
• ZAP supports multiple Verification Strategies in order to detect when messages correspond to authenticated requests.

Disclaimer: Apps4Rent does not offer commercial licenses of any of the products mentioned above. The products come with open-source licenses.

Default port:3389
Allow port:3389

Learn More:

Managed Azure services
Solutions on Microsoft Azure