OWASP ZAP Ref — Libor Benes (Dr. B)

OWASP ZAP Ref is a lightweight, security-first Firefox sidebar reference that provides instant access to OWASP ZAP workflows, test methodologies, and configuration guidance — all without ever leaving your browser or sending data anywhere.

OWASP ZAP (Zed Attack Proxy) is the world’s most widely used, free, and open-source web application security scanner, designed for developers and functional testers to find vulnerabilities. It acts as a man-in-the-middle proxy between a browser and the web app to intercept, analyze, and safely test applications.

🔍 What OWASP ZAP Ref Does:
• Provides a clean sidebar with 17 reference sections covering all major ZAP areas.
• Each section contains step-by-step methodology and configuration guidance.
• View concrete command and code examples with one-click copy to clipboard.
• One-click access to official ZAP documentation and the OWASP Web Security Testing Guide.
• Instant search filtering by section title and category tag.

✨ KEY FEATURES:
• 17 reference sections with expandable panels.
• Smart title-only search (focused on topics, not noise).
• Category tag pills colour-coded by area: Setup, Scan, Auth, Vulns, Safety, Script, Ref.
• Copy buttons on every command and code snippet.
• OWASP Top 10 mapping to specific ZAP scan rules.
• Alert severity level guide (High / Medium / Low / Info).
• ZAP keyboard shortcuts reference.
• Curated add-on recommendations with descriptions.
• Clean, readable interface optimised for sidebar width.
• Extremely lightweight (~45 KB).

🔒 SECURITY-FIRST ARCHITECTURE:
• 100% client-side — no external requests.
• No data collection — explicitly declared in manifest.json.
• No telemetry, no analytics, no servers.
• No eval() or innerHTML — safe DOM construction only.
• Proper input validation and length-capping on search.
• Minimal permissions — only clipboardWrite.

📚 SECTIONS COVERED:
Overview
Proxy Setup
Spider & Crawling
Scanners
Authentication Handling
Alert Severity Levels
OWASP Top 10 Mapping
API & GraphQL Testing
Scripting
Safety First
Sample Settings
Keyboard Shortcuts
Reporting
Useful Add-ons
Checklist
Glossary
Resources

💡 PERFECT FOR:
• Penetration testers needing a quick ZAP workflow reference.
• Developers setting up ZAP for the first time.
• Security engineers conducting web application assessments.
• Bug bounty hunters running proxy-based testing.
• Students learning web application security tooling.

🔍 SEARCH BEHAVIOR:
Searches section titles and category tag labels only — not panel content or code examples. This intentional design avoids noise from common words appearing across many sections. Search for topics like "authentication", "spider", "scripting", or "api" to get focused, relevant results.

Legal & Attribution:
• Not an official product of, or endorsed by, the OWASP Foundation or the ZAP project.
• Content sourced from the OWASP ZAP project and the OWASP Foundation.
• License: content used under the CC BY-SA 4.0 license where applicable.
• "OWASP" and "ZAP" are used for identification purposes only, as required by applicable trademark guidelines.

OWASP ZAP Ref => Know the tool. => Test safe.