ZAP

The ZED Attack Proxy (ZAP) is a project from OWASP which allows you to probe an existing site for security vulnerabilities in an automated fashion. It can be used as part of periodic security testing, or else integrated into a CD pipeline to provide ongoing checks for common vulnerabilities. The use of a tool like ZAP doesn’t replace the need to think carefully about security and do other sorts of more thorough testing, but as another tool to help ensure our systems are more secure it’s a good addition to the toolbox.