OWASP ZAP

AWS Azure Security 2 variations

OWASP ZAP, the open source web application security scanner, running as a headless daemon with its REST API ready.

Base
Hardened build
minimal ports, security patches applied at build time
Access
Unique credentials
generated on first boot, readable only by root
Verified
Boots working
services pass a health gate before release
Support
24/7, 365 days
by email and live chat, 24 hour response SLA

Variations

Choose the operating system, cloud and version you need. Every variation is the same hardened OWASP ZAP image, built and supported by cloudimg.

ProductCloudOperating systemVersion
OWASP ZAP AWS Standard View · Guide
OWASP ZAP on Ubuntu 24.04 LTS Azure Ubuntu 24.04 Standard View · Guide

Overview

OWASP ZAP (Zed Attack Proxy) is a widely used open source dynamic application security testing scanner. It spiders web applications and runs passive and active scans to find vulnerabilities, and can be driven entirely over an authenticated REST API.

Why the cloudimg image

cloudimg ships ZAP preinstalled and running as a headless daemon with the REST API bound to loopback, and a random API key is generated fresh on first boot so no shared secret ships in the image. A bundled Java runtime, the session database on a dedicated resizable data disk and 24/7 support round out the image.

Common uses

  • Dynamic application security testing
  • CI/CD security scanning
  • Penetration testing workflows