OWASP Zed Attack Proxy (ZAP) is one of the world's most popular web application security testing tools. It automatically finds security vulnerabilities in your web applications while you are developing and testing your applications. It can be used as a man-in-the-middle between browser and app server, as a standalone application, or as a daemon process without UI.