The Zed Attack Proxy (ZAP) is a penetration test tool designed to be used to make web applications more secure.
While ZAP can detect some security issues automatically, it is primarily designed to help you find security vulnerabilities manually.
Unlike some security tools, it is designed to be used by people with a wide range of security experience.
As such, it is ideal for developers and functional testers who are new to penetration testing.
Some of ZAP's features:
- Intercepting proxy
- Automated scanner
- Passive scanner
Some of ZAP's characteristics:
- Easy to install (just requires Java 1.6)
- Ease of use a priority
- Comprehensive help pages
- Under active development
- Open source
- Free (no paid for 'Pro' version)
- Cross platform
- Involvement actively encouraged
ZAP is a fork of the well-regarded Paros Proxy.
Details of the changes made are here: 1.0.0
Be great if you would consider including it on Backtrack.