Dynamic Application Security Testing (DAST)
Powered by OWASP ZAP Web Application Scanner
Active web application scanning for SQL injection, XSS, path traversal, and more. Crawls and tests your web apps like an attacker would.
What You Get
OWASP ZAP Web Application Scanner is fully integrated into Metric Tower's scanning engine. Launch it alongside 97 other modules, or run it on its own.
- SQL injection detection
- Cross-site scripting (XSS)
- Path traversal testing
- Authentication bypass checks
- JavaScript-aware crawling
Part of a 98-Module Platform
Metric Tower runs 98+ scanner modules through a six-phase pipeline. OWASP ZAP Web Application Scanner runs as one module in this pipeline. Its results feed into downstream scanners automatically.
98+
Scanner Modules
6
Scan Phases
5
Export Formats
9
Ticketing Integrations
How It Works
Metric Tower runs OWASP ZAP Web Application Scanner as one of 98+ integrated modules.
Add Your Target
Enter a domain, IP address, or URL. MetricTower validates the target and sets up the scan workspace.
Select Modules & Launch
Choose OWASP ZAP Web Application Scanner along with any combination of other modules. The pipeline handles dependencies and execution order.
Review Findings
View real-time results as the scan progresses. Triage findings, export reports in 5 formats, and route alerts to your team.
Compliance Alignment
Helps meet OWASP Top 10 coverage, PCI DSS 6.5.x, and ISO 27001 A.14.2.8.
Metric Tower is a security scanning tool -- it helps you meet compliance requirements but does not provide compliance certifications.
View all compliance mappings56+
Scanner Modules
6
Scan Phases
Real-Time
Results via WebSocket
SARIF
Export + 4 More Formats
Start Scanning with OWASP ZAP Web Application Scanner
Free tier available -- no credit card required.