Wubi Posted August 10, 2012 Report Posted August 10, 2012 Our first post regarding the ZAProxy or the OWASP Zed Attack Proxy can be found here. Now, an updated ZAProxy version 1.4.1 was released! This is a bug fix release and doesn’t include any new functionality.“The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAProxy provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.”ZAProxy 1.4.1 official change log:Bug fixes: Issue 297 : Exclusions not honored Issue 298 : Content-Length header is not properly update Issue 306 : Change zap.sh memory setting Issue 307 : ConcurrentModificationException when openning a big session Issue 308 : ZAP in daemon mode exits when you save a session Issue 309 : Client API cant cope with Informational risk Issue 312 : Increase the maximum number of scanning threads allowed Issue 314 : Handle very large results more cleanly Issue 315 : XSS false positive – injecting into an input src when the type is not ‘image’ Issue 319 : Spider progress not reported correctly via the API Issue 320 : AScan can miss subtrees if invoked via the API Issue 337 : Increase jvm permsize Download ZAProxy: ZAProxy 1.4.1 – ZAP_1.4.1_Windows.exe/ZAP_1.4.1_Linux.tar.gzSursa: ZAProxy version 1.4.1! — PenTestIT Quote
