ZAP by Checkmarx
@zaproxy.org
š¤ 1134
š„ 3
š 72
The Worlds Most Popular Web App Scanner.
Blog: Automating OWASP PTK with ZAP (Phase 1) You can now automate OWASP pentestkit using ZAP
www.zaproxy.org/blog/2026-05...
#zaproxy
#owasp-ptk
#appsec
loading . . .
Automating OWASP PTK with ZAP (Phase 1)
ZAPās Automation Framework can now drive OWASP PTK scans using the Client Spider. This is an early release - we want you to try it and give us feedback while we work toward deeper integration with ZAP...
https://www.zaproxy.org/blog/2026-05-06-automating-owasp-ptk-with-zap-phase-1/
9 days ago
0
6
3
Blog: Vibe coding security fixes.
www.zaproxy.org/blog/2026-04...
Learn how ZAP can help you make your vibe coded projects more secure.
#zaproxy
#vibecoding
#appsec
loading . . .
Vibe Coding Security Fixes
ZAP now has a āGenerate Fix Promptā option that copies everything an LLM needs to fix a vulnerability straight to your clipboard. Also: ZAP was run 9.5 million times in March. Vibe coding, anyone?
https://www.zaproxy.org/blog/2026-04-15-vibe-coding-security-fixes/
about 1 month ago
1
3
1
Guest Blog:
www.zaproxy.org/blog/2026-04...
Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment. ā Trevor Mountney
#zaproxy
#kubernetes
#appsec
loading . . .
Use ZAP with KRO in Kubernetes
Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.
https://www.zaproxy.org/blog/2026-04-13-use-zap-with-kro-in-kubernetes/
about 1 month ago
0
1
1
Blog: ZAP Updates for March:
www.zaproxy.org/blog/2026-04...
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
#zaproxy
#appsec
loading . . .
ZAP Updates - March 2026
ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.
https://www.zaproxy.org/blog/2026-04-03-zap-updates-march-2026/
about 1 month ago
0
2
1
Introducing the ZAP MCP Server
www.zaproxy.org/blog/2026-04...
#zaproxy
#mcp
#ai
#appsec
loading . . .
The ZAP MCP Server
Connect AI assistants like Claude and ChatGPT to ZAP via the Model Context Protocol. Start scans, read alerts, and explore your applicationāall through natural conversation.
https://www.zaproxy.org/blog/2026-04-02-zap-mcp-server/
about 1 month ago
0
3
0
This is huge!
www.zaproxy.org/blog/2026-04...
OWASP PTK massively increases ZAPās browser side testing capabilities .. and automation is up next! Many thanks to Denis Podgurskii for this great integration.
#zaproxy
#owasp
#appsec
loading . . .
OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough)
OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST ...
https://www.zaproxy.org/blog/2026-04-01-owasp-ptk-findings-to-zap-alerts/
about 1 month ago
0
6
2
New ZAP Blog Post:
www.zaproxy.org/blog/2026-03...
This post describes an approach that uses static analysis findings to guide ZAPās active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines. Thanks to the Seqra Team!
#zaproxy
#appsec
loading . . .
Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis
This post describes an approach that uses static analysis findings to guide ZAPās active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, buil...
https://www.zaproxy.org/blog/2026-03-27-guided-zap-scans-faster-cicd-feedback-using-sast/
about 2 months ago
0
3
0
New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAPās New TLS Analysis
www.zaproxy.org/blog/2026-03...
Thanks to Milton Smith
#zaproxy
#deepviolet
#appsec
loading . . .
Introducing DeepViolet
Introducing DeepViolet: The Engine Behind ZAPās New TLS Analysis
https://www.zaproxy.org/blog/2026-03-19-introducing-deepviolet/
about 2 months ago
0
7
4
New blog post: ZAP Updates - February 2026
www.zaproxy.org/blog/2026-03...
#zaproxy
#appsec
loading . . .
ZAP Updates - February 2026
February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.
https://www.zaproxy.org/blog/2026-03-02-zap-updates-february-2026/
2 months ago
0
2
1
Do you need even more control over the browsers that you can launch from ZAP? Youāve got it!
www.zaproxy.org/blog/2026-02...
#zaproxy
#appsec
loading . . .
Custom Browsers and Preferences
You can now add custom browsers to ZAP and manage any browser preferences.
https://www.zaproxy.org/blog/2026-02-24-custom-browsers-and-preferences/
3 months ago
0
2
0
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
www.zaproxy.org/blog/2026-02...
#zaproxy
#appsec
#cyberchef
loading . . .
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/
3 months ago
0
4
3
New Blog Post: Detecting Circular Type References in GraphQL Schemas
www.zaproxy.org/blog/2026-02...
#zaproxy
#appsec
#graphql
loading . . .
Detecting Circular Type References in GraphQL Schemas
ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.
https://www.zaproxy.org/blog/2026-02-06-detecting-graphql-cycles/
3 months ago
0
4
1
New blog post:
www.zaproxy.org/blog/2026-02...
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy
#appsec
#ai
loading . . .
ZAP Updates - 2025 Highlights and Plans for 2026
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
https://www.zaproxy.org/blog/2026-02-02-zap-updates-2025-highlights-2026-plans/
3 months ago
0
4
3
www.zaproxy.org/blog/2026-01...
#zaproxy
#owasp
#appsec
loading . . .
OWASP PTK Integration with ZAP
OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTKās DAST, IAST, SAST, and SCA inside the same authenticated session youāre testi...
https://www.zaproxy.org/blog/2026-01-19-owasp-ptk-add-on/
4 months ago
0
5
4
New āGetting Further with ZAP Scriptingā pages:
www.zaproxy.org/docs/getting...
Looking for something more? Let
@psiinon.bsky.social
know!
loading . . .
ZAP ā Getting Further with ZAP Scripting
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/docs/getting-further/scripting/
4 months ago
0
2
1
ZAP 2.17.0 is now available! It includes performance improvements, a significant reduction in āduplicateā alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy
#appsec
loading . . .
ZAP 2.17.0
ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of āduplicateā alerts reported.
https://www.zaproxy.org/blog/2025-12-15-zap-2-17-0/
5 months ago
0
5
2
New blog post:
#React2Shell
Detection with ZAP
www.zaproxy.org/blog/2025-12...
#zaproxy
#appsec
loading . . .
React2Shell Detection with ZAP
React2Shell is the latest big ānamedā vulnerability - heres how you can detect it with ZAP.
https://www.zaproxy.org/blog/2025-12-05-react2shell-detection-with-zap/
5 months ago
0
8
4
The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.
5 months ago
0
4
2
ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy
#appsec
loading . . .
ZAP Updates - November 2025
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
https://www.zaproxy.org/blog/2025-12-03-zap-updates-november-2025/
5 months ago
0
2
1
New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...
loading . . .
Enhancing ZAP with AI for Bug Bounty Hunting
Building an intelligent security testing system that leverages ZAPās automation capabilities and machine learning to improve vulnerability detection
https://www.zaproxy.org/blog/2025-11-28-enhancing-zap-with-ai-for-bug-bounty-hunting/
6 months ago
0
3
1
ZAP logged 50 MILLION errors yesterday š® Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy
#appsec
loading . . .
50 Million Errors in One Day?!
ZAP logged a LOT of errors yesterday - heres why, and what we have already done to address the underlying problems
https://www.zaproxy.org/blog/2025-11-25-50-million-errors-in-one-day/
6 months ago
0
6
1
Todayās weekly is the 2.17 Release Candidate!
github.com/zaproxy/zapr...
Feedback appreciated
loading . . .
Release w2025-11-24 Ā· zaproxy/zaproxy
File Checksum (SHA-256) ZAP_WEEKLY_D-2025-11-24.zip 6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2
https://github.com/zaproxy/zaproxy/releases/tag/w2025-11-24
6 months ago
0
2
2
The ZAP services may well be unavailable due to the ongoing Cloudflare problems. See
www.cloudflarestatus.com
for more information.
loading . . .
Cloudflare Status
Welcome to Cloudflare's home for real-time and historical data on system performance.
https://www.cloudflarestatus.com/
6 months ago
0
2
1
ZAP Updates for October:
www.zaproxy.org/blog/2025-11...
#zaproxy
#appsec
loading . . .
ZAP Updates - October 2025
Systemic alerts, check for updates bug, auth improvements, project pulse, etc See what the ZAP team has been up to.
https://www.zaproxy.org/blog/2025-11-06-zap-updates-october-2025/
6 months ago
0
4
1
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
7 months ago
0
1
1
Sorry, we messed up! A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode. For more details see
www.zaproxy.org/blog/2025-10...
loading . . .
SHH! ZAP Was Not So Silent
A new ZAP scan rule unintentionally caused a Check for Updates call even when āsilentā mode was used.
https://www.zaproxy.org/blog/2025-10-21-zap-was-not-so-silent/
7 months ago
0
3
2
ZAP Blog: How to solve the Caido Labs using ZAP
www.zaproxy.org/blog/2025-10...
c/o 5ubterranean_
loading . . .
Solving Caido Labs
In this blog we show how to solve Caido labs using ZAP.
https://www.zaproxy.org/blog/2025-10-15-solving-caido-labs/
7 months ago
0
1
1
ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy
#appsec
loading . . .
ZAP Updates - September 2025
Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.
https://www.zaproxy.org/blog/2025-10-01-zap-updates-september-2025/
8 months ago
0
3
2
New blog post: Alert De-Duplification
www.zaproxy.org/blog/2025-09...
#zaproxy
#appsec
loading . . .
Alert De-Duplication
How and why we will be reporting fewer āduplicateā alerts in ZAP.
https://www.zaproxy.org/blog/2025-09-30-alert-de-duplication/
8 months ago
0
3
3
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org/blog/2025-09...
#zaproxy
#appsec
#wavsep
loading . . .
ZAP is Adopting WAVSEP
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
https://www.zaproxy.org/blog/2025-09-08-zap-is-adopting-wavsep/
8 months ago
0
1
1
You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy
#appsec
loading . . .
Configuring Scan Policies with Alert Tags
A new feature in ZAPās automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...
https://www.zaproxy.org/blog/2025-09-03-configuring-scan-policies-with-alert-tags/
8 months ago
0
4
2
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy
#appsec
loading . . .
ZAP Updates - August 2025
Microsoft Online Login Support, forking wavsep and much, much more!
https://www.zaproxy.org/blog/2025-09-02-zap-updates-august-2025/
9 months ago
0
2
1
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
loading . . .
ZAP Help ā Translation Project on Crowdin
Help us translate ZAP Help and bring it to the world!
https://crowdin.com/project/zap-help
9 months ago
0
3
1
We have a new
#evangelists
channel on the ZAP Slack:
www.zaproxy.org/slack/
For an invite go to
www.zaproxy.org/slack/invite
Join up and help spread the word about
#zaproxy
!
loading . . .
Slack
https://www.zaproxy.org/slack/
9 months ago
0
2
2
All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted. If you were pulling from this org then please switch to the zaproxy org or use GHCR as per
www.zaproxy.org/download/#do...
#zaproxy
#appsec
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/download/#docker
9 months ago
0
5
2
ZAP Updates - July 2025 Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy
#appsec
loading . . .
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
https://www.zaproxy.org/blog/2025-08-01-zap-updates-july-2025/
10 months ago
0
3
2
Yesterday there were more than 25K ZAP scans run using old versions of ZAP. These are no longer being maintained. Update your ZAP installs now!
#zaproxy
#appsec
10 months ago
0
8
3
We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options:
www.zaproxy.org/download/#do...
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/download/#docker
10 months ago
1
5
2
There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
The New 'ZAP is Out of Date' Rule
If you are using an old version of ZAP then you might start seeing a new alertā¦
https://www.zaproxy.org/blog/2025-07-25-the-new-zap-is-out-of-date-rule/
10 months ago
0
3
2
We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks.
@kingthorin.bsky.social
has written about it here:
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
Timing Related Scan Rule Changes
Scan rules related to time based attacks have been split or renamed.
https://www.zaproxy.org/blog/2025-07-22-timing-rule-changes/
10 months ago
0
2
2
None of the major browsers are currently flagging the latest ZAP downloads as suspiciousš Thank you to whoever sorted that out!
10 months ago
0
3
1
ZAP now has full support for Microsoft Edge š
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
Edge Support
ZAP now has ātier 1ā support for Microsoft Edge, including exploring, crawling, and attacking.
https://www.zaproxy.org/blog/2025-07-10-edge-support/
10 months ago
0
6
3
As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
Authentication Improvements
Weāve made a lot of improvements in ZAPās handling of authentication - hereās a summary of the most significant changes weāve made.
https://www.zaproxy.org/blog/2025-07-03-authentication-improvements/
11 months ago
0
6
3
ZAP updates for June: A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy
#appsec
loading . . .
ZAP Updates - June 2025
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
https://www.zaproxy.org/blog/2025-07-01-zap-updates-june-2025/
11 months ago
0
5
2
All of the main browsers flag ZAP as dangerous/potential malware, and there doesnt see to be anything we can do about it. We've updated the Download page
www.zaproxy.org/download/
loading . . .
ZAP ā Download
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/download/
11 months ago
0
4
3
Still unsure of what ZAP does? See this video..
youtu.be/yywD8ebNn6o
#zaproxy
#dast
#appsec
loading . . .
An Introduction to ZAP by Checkmarx - Official Version
YouTube video by ZAP
https://youtu.be/yywD8ebNn6o
11 months ago
0
6
2
Mega add-on update alert! We've just upload loads of add-ons, so update your ZAP instances ASAP. Lots of authentication improvements have been included, more details coming soon ...
11 months ago
0
6
3
We have started to document how to configure ZAP against well known vulnerable apps:
www.zaproxy.org/docs/testapps/
Let
@psiinon.bsky.social
know if you have any feedback or specific requests
loading . . .
ZAP ā ZAP Vs Test Apps
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/docs/testapps/
11 months ago
0
8
4
www.zaproxy.org/docs/getting...
#zaproxy
#appsec
loading . . .
ZAP ā Is My App Security Testable?
The worldās most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
https://www.zaproxy.org/docs/getting-further/is-my-app-testable/
about 1 year ago
0
3
1
Heres what the ZAP team have been working on during April
www.zaproxy.org/blog/2025-05...
loading . . .
ZAP Updates - April 2025
April 2025 updates and ongoing feature development statuses.
https://www.zaproxy.org/blog/2025-05-05-zap-updates-april-2025/
about 1 year ago
0
7
2
Load more
feeds!
log in
