OWASP ZAP
E195615
OWASP ZAP (Zed Attack Proxy) is an open-source web application security testing tool used to find vulnerabilities in web applications.
All labels observed (4)
| Label | Occurrences |
|---|---|
| OWASP ZAP canonical | 1 |
| OWASP Zed Attack Proxy | 1 |
| Open Worldwide Application Security Project | 1 |
| https://www.zaproxy.org/ | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1717786 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
NED1
Entity disambiguation (via context triple)
gpt-5-mini-2025-08-07
Target entity: OWASP ZAP Context triple: [Kali Linux, includesTool, OWASP ZAP]
-
A.
Burp Suite
Burp Suite is a popular integrated platform for web application security testing, widely used by penetration testers to identify and exploit vulnerabilities.
-
B.
OpenVAS
OpenVAS is an open-source vulnerability scanning and management framework used to assess and improve the security of computer networks and systems.
-
C.
BeEF
BeEF (Browser Exploitation Framework) is a penetration testing tool focused on exploiting web browsers to assess and demonstrate client-side security vulnerabilities.
-
D.
Checkmarx
Checkmarx is a cybersecurity company specializing in application security testing solutions that help organizations identify and remediate vulnerabilities in their software code.
-
E.
Ettercap
Ettercap is a network security tool used for sniffing, intercepting, and manipulating traffic on local area networks, commonly employed for man-in-the-middle attacks and protocol analysis.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
NED2
Entity disambiguation (via description)
gpt-5-mini-2025-08-07
Target entity: OWASP ZAP Target entity description: OWASP ZAP (Zed Attack Proxy) is an open-source web application security testing tool used to find vulnerabilities in web applications.
-
A.
Burp Suite
Burp Suite is a popular integrated platform for web application security testing, widely used by penetration testers to identify and exploit vulnerabilities.
-
B.
OpenVAS
OpenVAS is an open-source vulnerability scanning and management framework used to assess and improve the security of computer networks and systems.
-
C.
BeEF
BeEF (Browser Exploitation Framework) is a penetration testing tool focused on exploiting web browsers to assess and demonstrate client-side security vulnerabilities.
-
D.
Checkmarx
Checkmarx is a cybersecurity company specializing in application security testing solutions that help organizations identify and remediate vulnerabilities in their software code.
-
E.
Ettercap
Ettercap is a network security tool used for sniffing, intercepting, and manipulating traffic on local area networks, commonly employed for man-in-the-middle attacks and protocol analysis.
- F. None of above. chosen
Statements (53)
| Predicate | Object |
|---|---|
| instanceOf |
intercepting proxy
ⓘ
open-source software ⓘ security scanner ⓘ web application security testing tool ⓘ |
| abbreviation | ZAP ⓘ |
| category |
penetration testing tool
ⓘ
vulnerability scanner ⓘ web application security ⓘ |
| detects |
SQL injection vulnerabilities
ⓘ
cross-site scripting vulnerabilities ⓘ directory browsing issues ⓘ insecure cookies ⓘ missing security headers ⓘ |
| developer | OWASP ⓘ |
| feature |
AJAX spider
ⓘ
REST API ⓘ active scanning ⓘ authentication testing ⓘ command-line interface ⓘ context-based configuration ⓘ fuzzer ⓘ headless mode ⓘ intercepting proxy ⓘ passive scanning ⓘ plug-in architecture ⓘ report generation ⓘ scripting support ⓘ session management ⓘ spidering ⓘ |
| fullName |
OWASP ZAP
self-linksurface differs
ⓘ
surface form:
OWASP Zed Attack Proxy
|
| integration |
CI/CD pipelines
ⓘ
DevSecOps workflows ⓘ |
| license | Apache License 2.0 ⓘ |
| operatingSystem |
Linux
ⓘ
Windows ⓘ macOS ⓘ |
| organization |
OWASP ZAP
self-linksurface differs
ⓘ
surface form:
Open Worldwide Application Security Project
|
| programmingLanguage | Java ⓘ |
| repository | https://github.com/zaproxy/zaproxy ⓘ |
| sourceModel | open source ⓘ |
| supportsLanguage |
Groovy scripts
ⓘ
JavaScript scripts ⓘ Python scripts ⓘ |
| supportsProtocol |
HTTP
ⓘ
HTTPS ⓘ |
| targetUser |
DevOps engineers
ⓘ
developers ⓘ security testers ⓘ |
| useCase |
API security testing
ⓘ
automated security regression testing ⓘ security training and demos ⓘ web application penetration testing ⓘ |
| website |
OWASP ZAP
self-linksurface differs
ⓘ
surface form:
https://www.zaproxy.org/
|
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Input
Subject: OWASP ZAP Description of subject: OWASP ZAP (Zed Attack Proxy) is an open-source web application security testing tool used to find vulnerabilities in web applications.
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form:
OWASP Zed Attack Proxy
this entity surface form:
Open Worldwide Application Security Project