
Posts by ZAP by Checkmarx

Vibe Coding Security Fixes ZAP now has a “Generate Fix Prompt” option that copies everything an LLM needs to fix a vulnerability straight to your clipboard. Also: ZAP was run 9.5 million times in March. Vibe coding, anyone?

Blog: Vibe coding security fixes.
www.zaproxy.org/blog/2026-04...
Learn how ZAP can help you make your vibe coded projects more secure.
#zaproxy #vibecoding #appsec

1 day ago 3 1 1 0
Use ZAP with KRO in Kubernetes Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.

Guest Blog: www.zaproxy.org/blog/2026-04...
Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.
℅ Trevor Mountney
#zaproxy #kubernetes #appsec

2 days ago 1 1 0 0
ZAP Updates - March 2026 ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.

Blog: ZAP Updates for March:
www.zaproxy.org/blog/2026-04...
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
#zaproxy #appsec

1 week ago 2 1 0 0
The ZAP MCP Server Connect AI assistants like Claude and ChatGPT to ZAP via the Model Context Protocol. Start scans, read alerts, and explore your application—all through natural conversation.

Introducing the ZAP MCP Server www.zaproxy.org/blog/2026-04...
#zaproxy #mcp #ai #appsec

2 weeks ago 3 0 0 0
OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough) OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST ...

This is huge!
www.zaproxy.org/blog/2026-04...
OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next!
Many thanks to Denis Podgurskii for this great integration.
#zaproxy #owasp #appsec

2 weeks ago 6 2 0 0
Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, buil...

New ZAP Blog Post: www.zaproxy.org/blog/2026-03...
This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines.
Thanks to the Seqra Team!
#zaproxy #appsec

2 weeks ago 3 0 0 0
Introducing DeepViolet Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis

New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
www.zaproxy.org/blog/2026-03...
Thanks to Milton Smith
#zaproxy #deepviolet #appsec

4 weeks ago 7 4 0 0
ZAP Updates - February 2026 February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.

New blog post: ZAP Updates - February 2026
www.zaproxy.org/blog/2026-03...
#zaproxy #appsec

1 month ago 2 1 0 0
Custom Browsers and Preferences You can now add custom browsers to ZAP and manage any browser preferences.

Do you need even more control over the browsers that you can launch from ZAP?
You’ve got it!
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec

1 month ago 2 0 0 0
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #cyberchef

1 month ago 4 3 0 0
Detecting Circular Type References in GraphQL Schemas ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.

New Blog Post: Detecting Circular Type References in GraphQL Schemas
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #graphql

2 months ago 4 1 0 0
ZAP Updates - 2025 Highlights and Plans for 2026 Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!

New blog post: www.zaproxy.org/blog/2026-02...
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai

2 months ago 4 3 0 0
OWASP PTK Integration with ZAP OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTK’s DAST, IAST, SAST, and SCA inside the same authenticated session you’re testi...

www.zaproxy.org/blog/2026-01...
#zaproxy #owasp #appsec

2 months ago 5 4 0 0
ZAP – Getting Further with ZAP Scripting The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

New “Getting Further with ZAP Scripting” pages: www.zaproxy.org/docs/getting...
Looking for something more? Let @psiinon.bsky.social know!

3 months ago 2 1 0 0
ZAP 2.17.0 ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of “duplicate” alerts reported.

ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec

4 months ago 5 2 0 0
React2Shell Detection with ZAP React2Shell is the latest big “named” vulnerability - here's how you can detect it with ZAP.

New blog post: #React2Shell Detection with ZAP
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec

4 months ago 8 4 0 0

The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.

4 months ago 4 2 0 0
ZAP Updates - November 2025 2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!

ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec

4 months ago 2 1 0 0
Enhancing ZAP with AI for Bug Bounty Hunting Building an intelligent security testing system that leverages ZAP’s automation capabilities and machine learning to improve vulnerability detection

New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...

4 months ago 3 1 0 0
50 Million Errors in One Day?! ZAP logged a LOT of errors yesterday - here's why, and what we have already done to address the underlying problems

ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec

4 months ago 6 1 0 0
Release w2025-11-24 · zaproxy/zaproxy File Checksum (SHA-256) ZAP_WEEKLY_D-2025-11-24.zip 6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2

Today’s weekly is the 2.17 Release Candidate! github.com/zaproxy/zapr...
Feedback appreciated

4 months ago 2 2 0 0
Cloudflare Status Welcome to Cloudflare's home for real-time and historical data on system performance.

The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See www.cloudflarestatus.com for more information.

4 months ago 2 1 0 0
ZAP Updates - October 2025 Systemic alerts, check for updates bug, auth improvements, project pulse, etc. See what the ZAP team has been up to.

ZAP Updates for October:
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec

5 months ago 4 1 0 0

We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.

5 months ago 1 1 0 0
SHH! ZAP Was Not So Silent A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.

Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...

5 months ago 3 2 0 0
Solving Caido Labs In this blog we show how to solve Caido labs using ZAP.

ZAP Blog: How to solve the Caido Labs using ZAP
www.zaproxy.org/blog/2025-10...
c/o 5ubterranean_

6 months ago 1 0 0 1
ZAP Updates - September 2025 Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.

ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy #appsec

6 months ago 3 2 0 0
Alert De-Duplication How and why we will be reporting fewer “duplicate” alerts in ZAP.

New blog post: Alert De-Duplication
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

6 months ago 3 3 0 0
ZAP is Adopting WAVSEP The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org/blog/2025-09...

#zaproxy #appsec #wavsep

7 months ago 1 1 0 0
Configuring Scan Policies with Alert Tags A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...

You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

7 months ago 4 2 0 0