OWASP ZAP 2.3.0 is now available : http://code.google.com/p/zaproxy/wiki/Downloads?tm=2
There are a large number of changes in this release, so this post will just give a high level overview of some of the most significant changes
ZAP ‘lite’ version
For this release we are providing a ‘lite’ version of ZAP in addition to the ‘full’ version. This contains exactly the same core code, but it just includes fewer default add-ons. Of course, you can download all of the ‘missing’ add-ons from the ZAP marketplace to ‘upgrade’ the lite version to a full one.
The ‘lite’ version is aimed at people new to security who need less initial functionality which will hopefully be easier to get started with. It will also be suitable for people looking for a smaller download or those wishing to customize exactly which add-ons they install.
Support for client-side (browser) events
You can now view, intercept, manipulate, resend and fuzz client-side events. This includes postMessages, so you can now detect DOM based XSS vulnerabilities in postMessages. This is the first phase in a series of planned changes to support the testing of AJAX and HTML5 applications even more effectively.
more here.....http://owasp.blogspot.co.uk/2014/04/owasp-zap-230.html
There are a large number of changes in this release, so this post will just give a high level overview of some of the most significant changes
ZAP ‘lite’ version
For this release we are providing a ‘lite’ version of ZAP in addition to the ‘full’ version. This contains exactly the same core code, but it just includes fewer default add-ons. Of course, you can download all of the ‘missing’ add-ons from the ZAP marketplace to ‘upgrade’ the lite version to a full one.
The ‘lite’ version is aimed at people new to security who need less initial functionality which will hopefully be easier to get started with. It will also be suitable for people looking for a smaller download or those wishing to customize exactly which add-ons they install.
Support for client-side (browser) events
You can now view, intercept, manipulate, resend and fuzz client-side events. This includes postMessages, so you can now detect DOM based XSS vulnerabilities in postMessages. This is the first phase in a series of planned changes to support the testing of AJAX and HTML5 applications even more effectively.
more here.....http://owasp.blogspot.co.uk/2014/04/owasp-zap-230.html