Zap FAQs

Question 1

What is MCP and how does Zap use it?

Accepted Answer

MCP (Model Context Protocol) is a protocol that enables AI agents to interact with software tools. Zap exposes OWASP ZAP actions as MCP tools, allowing AI agents to orchestrate security tasks.

Question 2

How is Zap deployed?

Accepted Answer

Zap is Dockerized, making it easy to deploy and manage. It includes both the MCP server and OWASP ZAP within containers orchestrated using Docker Compose.

Question 3

Is Zap secure?

Accepted Answer

Yes, Zap is secured with API keys for both the OWASP ZAP instance and the MCP server, ensuring controlled access and preventing unauthorized use.

Question 4

What can Zap do?

Accepted Answer

Zap allows you to automate tasks such as spidering, active scanning, importing OpenAPI specifications, and generating HTML/JSON security reports using OWASP ZAP.

Question 5

What is Zap?

Accepted Answer

Zap is a Spring Boot application that acts as an MCP server, exposing OWASP ZAP's functionalities for automated security testing via AI agents and other MCP-compatible tools.

Zap

About

Key Features

Use Cases