ZAP by Checkmarx
@zaproxy.org
š¤ 1110
š„ 3
š 59
The Worlds Most Popular Web App Scanner.
www.zaproxy.org/blog/2026-01...
#zaproxy
#owasp
#appsec
loading . . .
OWASP PTK Integration with ZAP
OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTKās DAST, IAST, SAST, and SCA inside the same authenticated session youāre testi...
https://www.zaproxy.org/blog/2026-01-19-owasp-ptk-add-on/
9 days ago
0
4
3
New āGetting Further with ZAP Scriptingā pages:
www.zaproxy.org/docs/getting...
Looking for something more? Let
@psiinon.bsky.social
know!
loading . . .
ZAP ā Getting Further with ZAP Scripting
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/docs/getting-further/scripting/
20 days ago
0
2
1
ZAP 2.17.0 is now available! It includes performance improvements, a significant reduction in āduplicateā alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy
#appsec
loading . . .
ZAP 2.17.0
ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of āduplicateā alerts reported.
https://www.zaproxy.org/blog/2025-12-15-zap-2-17-0/
about 1 month ago
0
5
2
New blog post:
#React2Shell
Detection with ZAP
www.zaproxy.org/blog/2025-12...
#zaproxy
#appsec
loading . . .
React2Shell Detection with ZAP
React2Shell is the latest big ānamedā vulnerability - heres how you can detect it with ZAP.
https://www.zaproxy.org/blog/2025-12-05-react2shell-detection-with-zap/
about 2 months ago
0
8
4
The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.
about 2 months ago
0
4
2
ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy
#appsec
loading . . .
ZAP Updates - November 2025
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
https://www.zaproxy.org/blog/2025-12-03-zap-updates-november-2025/
about 2 months ago
0
2
1
New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...
loading . . .
Enhancing ZAP with AI for Bug Bounty Hunting
Building an intelligent security testing system that leverages ZAPās automation capabilities and machine learning to improve vulnerability detection
https://www.zaproxy.org/blog/2025-11-28-enhancing-zap-with-ai-for-bug-bounty-hunting/
2 months ago
0
3
1
ZAP logged 50 MILLION errors yesterday š® Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy
#appsec
loading . . .
50 Million Errors in One Day?!
ZAP logged a LOT of errors yesterday - heres why, and what we have already done to address the underlying problems
https://www.zaproxy.org/blog/2025-11-25-50-million-errors-in-one-day/
2 months ago
0
6
1
Todayās weekly is the 2.17 Release Candidate!
github.com/zaproxy/zapr...
Feedback appreciated
loading . . .
Release w2025-11-24 Ā· zaproxy/zaproxy
File Checksum (SHA-256) ZAP_WEEKLY_D-2025-11-24.zip 6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2
https://github.com/zaproxy/zaproxy/releases/tag/w2025-11-24
2 months ago
0
2
2
The ZAP services may well be unavailable due to the ongoing Cloudflare problems. See
www.cloudflarestatus.com
for more information.
loading . . .
Cloudflare Status
Welcome to Cloudflare's home for real-time and historical data on system performance.
https://www.cloudflarestatus.com/
2 months ago
0
2
1
ZAP Updates for October:
www.zaproxy.org/blog/2025-11...
#zaproxy
#appsec
loading . . .
ZAP Updates - October 2025
Systemic alerts, check for updates bug, auth improvements, project pulse, etc See what the ZAP team has been up to.
https://www.zaproxy.org/blog/2025-11-06-zap-updates-october-2025/
3 months ago
0
4
1
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
3 months ago
0
1
1
Sorry, we messed up! A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode. For more details see
www.zaproxy.org/blog/2025-10...
loading . . .
SHH! ZAP Was Not So Silent
A new ZAP scan rule unintentionally caused a Check for Updates call even when āsilentā mode was used.
https://www.zaproxy.org/blog/2025-10-21-zap-was-not-so-silent/
3 months ago
0
3
2
ZAP Blog: How to solve the Caido Labs using ZAP
www.zaproxy.org/blog/2025-10...
c/o 5ubterranean_
loading . . .
Solving Caido Labs
In this blog we show how to solve Caido labs using ZAP.
https://www.zaproxy.org/blog/2025-10-15-solving-caido-labs/
3 months ago
0
1
1
ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy
#appsec
loading . . .
ZAP Updates - September 2025
Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.
https://www.zaproxy.org/blog/2025-10-01-zap-updates-september-2025/
4 months ago
0
3
2
New blog post: Alert De-Duplification
www.zaproxy.org/blog/2025-09...
#zaproxy
#appsec
loading . . .
Alert De-Duplication
How and why we will be reporting fewer āduplicateā alerts in ZAP.
https://www.zaproxy.org/blog/2025-09-30-alert-de-duplication/
4 months ago
0
3
3
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org/blog/2025-09...
#zaproxy
#appsec
#wavsep
loading . . .
ZAP is Adopting WAVSEP
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
https://www.zaproxy.org/blog/2025-09-08-zap-is-adopting-wavsep/
5 months ago
0
1
1
You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy
#appsec
loading . . .
Configuring Scan Policies with Alert Tags
A new feature in ZAPās automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...
https://www.zaproxy.org/blog/2025-09-03-configuring-scan-policies-with-alert-tags/
5 months ago
0
4
2
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy
#appsec
loading . . .
ZAP Updates - August 2025
Microsoft Online Login Support, forking wavsep and much, much more!
https://www.zaproxy.org/blog/2025-09-02-zap-updates-august-2025/
5 months ago
0
2
1
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
loading . . .
ZAP Help ā Translation Project on Crowdin
Help us translate ZAP Help and bring it to the world!
https://crowdin.com/project/zap-help
5 months ago
0
3
1
We have a new
#evangelists
channel on the ZAP Slack:
www.zaproxy.org/slack/
For an invite go to
www.zaproxy.org/slack/invite
Join up and help spread the word about
#zaproxy
!
loading . . .
Slack
https://www.zaproxy.org/slack/
6 months ago
0
2
2
All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted. If you were pulling from this org then please switch to the zaproxy org or use GHCR as per
www.zaproxy.org/download/#do...
#zaproxy
#appsec
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/download/#docker
6 months ago
0
5
2
ZAP Updates - July 2025 Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy
#appsec
loading . . .
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
https://www.zaproxy.org/blog/2025-08-01-zap-updates-july-2025/
6 months ago
0
3
2
Yesterday there were more than 25K ZAP scans run using old versions of ZAP. These are no longer being maintained. Update your ZAP installs now!
#zaproxy
#appsec
6 months ago
0
8
3
We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options:
www.zaproxy.org/download/#do...
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/download/#docker
6 months ago
1
5
2
There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
The New 'ZAP is Out of Date' Rule
If you are using an old version of ZAP then you might start seeing a new alertā¦
https://www.zaproxy.org/blog/2025-07-25-the-new-zap-is-out-of-date-rule/
6 months ago
0
3
2
We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks.
@kingthorin.bsky.social
has written about it here:
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
Timing Related Scan Rule Changes
Scan rules related to time based attacks have been split or renamed.
https://www.zaproxy.org/blog/2025-07-22-timing-rule-changes/
6 months ago
0
2
2
None of the major browsers are currently flagging the latest ZAP downloads as suspiciousš Thank you to whoever sorted that out!
7 months ago
0
3
1
ZAP now has full support for Microsoft Edge š
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
Edge Support
ZAP now has ātier 1ā support for Microsoft Edge, including exploring, crawling, and attacking.
https://www.zaproxy.org/blog/2025-07-10-edge-support/
7 months ago
0
6
3
As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
Authentication Improvements
Weāve made a lot of improvements in ZAPās handling of authentication - hereās a summary of the most significant changes weāve made.
https://www.zaproxy.org/blog/2025-07-03-authentication-improvements/
7 months ago
0
6
3
ZAP updates for June: A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
ZAP Updates - June 2025
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
https://www.zaproxy.org/blog/2025-07-01-zap-updates-june-2025/
7 months ago
0
5
2
All of the main browsers flag ZAP as dangerous/potential malware, and there doesnt see to be anything we can do about it. We've updated the Download page
www.zaproxy.org/download/
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/download/
7 months ago
0
4
3
Still unsure of what ZAP does? See this video..
youtu.be/yywD8ebNn6o
#zaproxy
#dast
#appsec
loading . . .
An Introduction to ZAP by Checkmarx - Official Version
YouTube video by ZAP
https://youtu.be/yywD8ebNn6o
7 months ago
0
6
2
Mega add-on update alert! We've just upload loads of add-ons, so update your ZAP instances ASAP. Lots of authentication improvements have been included, more details coming soon ...
7 months ago
0
6
3
We have started to document how to configure ZAP against well known vulnerable apps:
www.zaproxy.org/docs/testapps/
Let
@psiinon.bsky.social
know if you have any feedback or specific requests
loading . . .
ZAP ā ZAP Vs Test Apps
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/docs/testapps/
8 months ago
0
8
4
www.zaproxy.org/docs/getting...
#zaproxy
#appsec
loading . . .
ZAP ā Is My App Security Testable?
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/docs/getting-further/is-my-app-testable/
9 months ago
0
3
1
Heres what the ZAP team have been working on during April
www.zaproxy.org/blog/2025-05...
loading . . .
ZAP Updates - April 2025
April 2025 updates and ongoing feature development statuses.
https://www.zaproxy.org/blog/2025-05-05-zap-updates-april-2025/
9 months ago
0
7
2
ZAP just won an award! Thanks DefectDojo!
www.zaproxy.org/blog/2025-04...
#zaproxy
#appsec
#award
loading . . .
ZAP Wins Inaugural DefectDojo Award for Open-Source Cybersecurity
ZAP was recognised as being one of the best dynamic application security testing (DAST) Tools.
https://www.zaproxy.org/blog/2025-04-22-zap-wins-inaugural-defectdojo-award-for-open-source/
9 months ago
0
6
2
New ZAP blog post c/o Jemimah O
www.zaproxy.org/blog/2025-04...
#zaproxy
#appsec
loading . . .
PortSwigger Labs: Broken Brute-Force Protection, IP Block
Walkthrough for the PortSwigger lab, āBroken brute-force protection, IP blockā.
https://www.zaproxy.org/blog/2025-04-09-portswigger-labs-broken-brute-force-protection-ip-block/
10 months ago
0
1
1
The monthly ZAP Update Blog Post:
www.zaproxy.org/blog/2025-04...
#zaproxy
#appsec
loading . . .
ZAP Updates - March 2025
We released 2.16.1 and made more authentication handling improvements.
https://www.zaproxy.org/blog/2025-04-02-zap-updates-march-2025/
10 months ago
0
2
1
ZAP by Checkmarx 2.16.1 has just been released. This is a bug fix release, along with some minor enhancements. See
www.zaproxy.org/blog/2025-03...
loading . . .
ZAP 2.16.1
ZAP 2.16.1 has just been released. This is a bug fix release, along with some minor enhancements
https://www.zaproxy.org/blog/2025-03-25-zap-2-16-1/
10 months ago
0
4
2
The monthly ZAP Update Blog Post:
www.zaproxy.org/blog/2025-03...
#zaproxy
#appsec
loading . . .
ZAP Updates - February 2025
Authentication, authentication, authenticationā¦ And there will be a 2.16.1 release āsoonā.
https://www.zaproxy.org/blog/2025-03-03-zap-updates-february-2025/
11 months ago
0
2
1
A new guest blog post c/o Bash Bunny
www.zaproxy.org/blog/2025-02...
loading . . .
Solving Portswigger Lab File Path Traversal Simple Case with ZAP
Video and explanation of How to Solve the Portswigger labs using ZAP, in this case: āPath Traversal Simple Caseā
https://www.zaproxy.org/blog/2025-02-27-portswigger-lab-file-path-traversal-simple-case/
11 months ago
0
3
1
There's now a ZAP Slack that's open to everyone. You can get an invite to it via
zaproxy.org/slack/invite
loading . . .
Slack Invite
https://zaproxy.org/slack/invite
11 months ago
0
9
6
youtu.be/OkELONAQyAY
loading . . .
ZAP Chat 20 Client Spider
YouTube video by ZAP
https://youtu.be/OkELONAQyAY
12 months ago
0
3
3
In ZAP 2.16.0 we introduced a new Client Spider š·ļø. This blog post and video explain why we did that, how it works, and where itās going.
www.zaproxy.org/blog/2025-01...
#zaproxy
#appsec
loading . . .
The Client Spider
We introduced a new Client Spider in ZAP 2.16.0, this blog post and video explain why we did that, how it works, and where itās going
https://www.zaproxy.org/blog/2025-01-31-client-spider/
12 months ago
0
7
4
Whats new in ZAP 2.16.0? See the latest ZAP Chat video:
youtu.be/o_IgsCaaQMo
loading . . .
ZAP Chat 19 Release 2.16.0
YouTube video by ZAP
https://youtu.be/o_IgsCaaQMo
about 1 year ago
0
2
2
ZAP by Checkmarx 2.16.0 has just been released. It includes a brand new spider, detachable tabs, policy definitions, and lots more... See
www.zaproxy.org/blog/2025-01...
loading . . .
ZAP 2.16.0
ZAP 2.16.0 has just been released. It includes a brand new spider, detachable tabs, policy definitions, and lots moreā¦
https://www.zaproxy.org/blog/2025-01-10-zap-2-16-0/
about 1 year ago
0
19
8
Todayās ZAP weekly release is the new 2.16.0 Release Candidate:
zaproxy.org/download/#we...
Please try it out and let
@psiinon.bsky.social
know how you get on with it!
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://zaproxy.org/download/#weekly
about 1 year ago
0
4
1
How to ZAP with Flagger in
@kubernetes.io
www.zaproxy.org/blog/2024-12...
loading . . .
Use ZAP with Flagger in Kubernetes
Learn how to integrate ZAP with Flagger in a Kubernetes cluster to scan the security of each new deployment.
https://www.zaproxy.org/blog/2024-12-24-use-zap-with-flagger-in-kubernetes/
about 1 year ago
0
10
6
Load more
feeds!
log in
