ZAP
ZAP (Zed Attack Proxy) is an open-source dynamic application security testing (DAST) tool that identifies security vulnerabilities in web applications at runtime. It acts as an intercepting proxy between browsers and web applications and detects issues such as SQL injection, cross-site scripting, insecure authentication, and security misconfigurations. The tool performs both passive scanning, which analyzes HTTP requests and responses without modifying them, and active scanning, which simulates real attacks using known attack vectors. Together these discover vulnerabilities that malicious actors could exploit, before applications are deployed to production environments.