OWASP® ZAP

  • Points – $1,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Program stats

24 vulnerabilities rewarded

The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and is actively maintained by hundreds of international volunteers. It can automatically find security vulnerabilities in your web applications while you are still developing and testing them, and it is also a great tool for experienced pen testers to use for manual security testing.

OWASP supports many volunteer efforts to produce security tools that are used by many companies and developers to secure their applications. OWASP runs this bounty program to ensure that these tools cannot themselves be turned into attack vectors against the people who use them (for example, a malicious target site exploiting a flaw in ZAP to compromise the tester's machine).
OWASP is a registered trademark of the OWASP Foundation, Inc.

Getting Started Guide

Rewards

Remote Code Execution for this program will be rewarded at $1,000. Happy hunting!

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.