BIRT Reports for ZAP Abstract OWASP ZAP (Zed Attack Proxy) is an open source penetration testing tool for finding vulnerabilities in web applications. The ZAP application’s current report capability is to generate limited types of reports for ZAP testing results in the formats such as in HTML and XML. Although these reports serve the basic purpose but they are not efficient when it comes to data manipulation and to provide support for flexible data formats such as PDF.

The proposed project shall provide the users of ZAP, a reporting module that will be integrated with the existing ZAP implementation. The module will use the existing ZAP result outputs and generate reports for the end-users to analyse the testing results in a productive way. Objectives: • Installed and Configured BIRT environment to be used in Eclipse OWASP ZAP project. • Be able to generate reports from the application using the BIRT report engine API. • Creation of prototype reports regarding the results output of the Sessions & attacks such as: Alerts, History, Search etc. • A new user interface for generating reports which is easy to use and provides the user with a wide range of options. • Analysis report of the pros-and cons of using BIRT within OWASP ZAP as a reporting tool.