Zed Attack Proxy - ZAP

ZAP overview (Power Point)

Up and Running Instructions

REMEMBER - this will do an INVASIVE scan when you do an 'Active Scan' - meaning it will try to do XSS, CSRF, etc so do NOT do an active scan on anything but your work!