ZAP or Zed Attack Proxy is a tool for finding vulnerabilities in web software products.
It is designed so that not only developers and experts in security testing can use it; the tool is understandable for beginners in security testing as well.
It has scanners for automated testing and instruments for manual verification of the application security.
ZAP is open source and free: it is created by OWASP – a not-for-profit charitable organization focused on improving software security.