Advertisement · 728 × 90

Posts by Simon Bennetts

Preview
Vibe Coding Security Fixes ZAP now has a “Generate Fix Prompt” option that copies everything an LLM needs to fix a vulnerability straight to your clipboard. Also: ZAP was run 9.5 million times in March. Vibe coding, anyone?

Blog: Vibe coding security fixes.
www.zaproxy.org/blog/2026-04...
Learn how ZAP can help you make your vibe coded projects more secure.
#zaproxy #vibecoding #appsec

6 days ago 3 1 1 0
Use ZAP with KRO in Kubernetes Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.

Guest Blog: www.zaproxy.org/blog/2026-04...
Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.
℅ Trevor Mountney
#zaproxy #kubernetes #appsec

1 week ago 1 1 0 0
Preview
ZAP Updates - March 2026 ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.

Blog: ZAP Updates for March:
www.zaproxy.org/blog/2026-04...
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
#zaproxy #appsec

2 weeks ago 2 1 0 0
OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough) OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST ...

This is huge!
www.zaproxy.org/blog/2026-04...
OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next!
Many thanks to Denis Podgurskii for this great integration.
#zaproxy #owasp #appsec

2 weeks ago 6 2 0 0
Preview
Introducing DeepViolet Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis

New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
www.zaproxy.org/blog/2026-03...
Thanks to Milton Smith
#zaproxy #deepviolet #appsec

1 month ago 7 4 0 0
Preview
ZAP Updates - February 2026 February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.

New blog post: ZAP Updates - February 2026
www.zaproxy.org/blog/2026-03...
#zaproxy #appsec

1 month ago 2 1 0 0
Preview
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #cyberchef

2 months ago 4 3 0 0
Preview
Detecting Circular Type References in GraphQL Schemas ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.

New Blog Post: Detecting Circular Type References in GraphQL Schemas
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #graphql

2 months ago 4 1 0 0
Preview
ZAP Updates - 2025 Highlights and Plans for 2026 Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!

New blog post: www.zaproxy.org/blog/2026-02...
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai

2 months ago 4 3 0 0

We have made a good start on #AI integration in @zaproxy.org
We know some of you will be very anti-AI, so this will be optional and opt-in.
We have lots of plans, but feedback also appreciated - what integrations would you really like to see .. or not see?

2 months ago 1 1 0 0
Advertisement
OWASP PTK Integration with ZAP OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTK’s DAST, IAST, SAST, and SCA inside the same authenticated session you’re testi...

www.zaproxy.org/blog/2026-01...
#zaproxy #owasp #appsec

3 months ago 5 4 0 0
ZAP – Getting Further with ZAP Scripting The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

New “Getting Further with ZAP Scripting” pages: www.zaproxy.org/docs/getting...
Looking for something more? Let @psiinon.bsky.social know!

3 months ago 2 1 0 0
Björn Kimminich :verified: (@bkimminich@infosec.exchange) Dear aspiring Open Source contributors: If you spent X minutes to let your AI tool make some "enhancement", "refactoring", or "clean up", and it takes the project maintainer >X minutes to review and l...

Dear Open Source contributors: If your AI spent X mins on "enhancement" or "refactorings" but the project maintainer needs >X mins to fix guideline violations and broken code, you didn’t contribute—you drained time and motivation from Open Source maintainers.

infosec.exchange/@bkimminich/...

3 months ago 4 3 1 0
Preview
ZAP 2.17.0 ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of “duplicate” alerts reported.

ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec

4 months ago 5 2 0 0
Preview
React2Shell Detection with ZAP React2Shell is the latest big “named” vulnerability - heres how you can detect it with ZAP.

New blog post: #React2Shell Detection with ZAP
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec

4 months ago 8 4 0 0

The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.

4 months ago 4 2 0 0
Preview
ZAP Updates - November 2025 2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!

ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec

4 months ago 2 1 0 0
Advertisement
Enhancing ZAP with AI for Bug Bounty Hunting Building an intelligent security testing system that leverages ZAP’s automation capabilities and machine learning to improve vulnerability detection

New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...

4 months ago 3 1 0 0
50 Million Errors in One Day?! ZAP logged a LOT of errors yesterday - heres why, and what we have already done to address the underlying problems

ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec

4 months ago 6 1 0 0
Preview
Release w2025-11-24 · zaproxy/zaproxy File Checksum (SHA-256) ZAP_WEEKLY_D-2025-11-24.zip 6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2

Today’s weekly is the 2.17 Release Candidate! github.com/zaproxy/zapr...
Feedback appreciated

4 months ago 2 2 0 0
Cloudflare Status Welcome to Cloudflare's home for real-time and historical data on system performance.

The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See www.cloudflarestatus.com for more information.

5 months ago 2 1 0 0
Preview
ZAP Updates - October 2025 Systemic alerts, check for updates bug, auth improvements, project pulse, etc See what the ZAP team has been up to.

ZAP Updates for October:
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec

5 months ago 4 1 0 0

We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.

5 months ago 1 1 0 0
SHH! ZAP Was Not So Silent A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.

Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...

6 months ago 3 2 0 0
Preview
ZAP Updates - September 2025 Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.

ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy #appsec

6 months ago 3 2 0 0
Preview
Alert De-Duplication How and why we will be reporting fewer “duplicate” alerts in ZAP.

New blog post: Alert De-Duplification
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

6 months ago 3 3 0 0
ZAP – Videos The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

🎥 Want to level up your ZAP game?
The @zaproxy.org team has an awesome library of how-tos, demos, and deep dives — all free.

From beginner basics to advanced scripting, it’s all here:
👉 zaproxy.org/videos/

#YouDontKnowZAP

6 months ago 3 2 0 0
Advertisement
Preview
ZAP is Adopting WAVSEP The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org/blog/2025-09...

#zaproxy #appsec #wavsep

7 months ago 1 1 0 0
Preview
Configuring Scan Policies with Alert Tags A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...

You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

7 months ago 4 2 0 0
Preview
ZAP Updates - August 2025 Microsoft Online Login Support, forking wavsep and much, much more!

ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...

Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec

7 months ago 2 1 0 0