Simon Bennetts
@psiinon.bsky.social
ZAP Project Lead
Reposted by Simon Bennetts
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #cyberchef
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts
www.zaproxy.org
February 17, 2026 at 5:06 PM
Reposted by Simon Bennetts
New Blog Post: Detecting Circular Type References in GraphQL Schemas
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #graphql
Detecting Circular Type References in GraphQL Schemas
ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.
www.zaproxy.org
February 6, 2026 at 12:27 PM
Reposted by Simon Bennetts
New blog post: www.zaproxy.org/blog/2026-02...
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai
ZAP Updates - 2025 Highlights and Plans for 2026
www.zaproxy.org
February 2, 2026 at 1:45 PM
We have made a good start on #AI integration in @zaproxy.org
We know some of you will be very anti-AI, so this will be optional and opt-in.
We have lots of plans, but feedback also appreciated - what integrations would you really like to see .. or not see?
February 2, 2026 at 12:18 PM
Reposted by Simon Bennetts
New “Getting Further with ZAP Scripting” pages: www.zaproxy.org/docs/getting...
Looking for something more? Let @psiinon.bsky.social know!
ZAP – Getting Further with ZAP Scripting
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
January 8, 2026 at 5:30 PM
Reposted by Simon Bennetts
Dear Open Source contributors: If your AI spent X mins on "enhancement" or "refactorings" but the project maintainer needs >X mins to fix guideline violations and broken code, you didn’t contribute—you drained time and motivation from Open Source maintainers.

infosec.exchange/@bkimminich/...
Björn Kimminich :verified: (@bkimminich@infosec.exchange)
Dear aspiring Open Source contributors: If you spent X minutes to let your AI tool make some "enhancement", "refactoring", or "clean up", and it takes the project maintainer >X minutes to review and l...
infosec.exchange
December 24, 2025 at 1:50 AM
Reposted by Simon Bennetts
ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec
ZAP 2.17.0
ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of “duplicate” alerts reported.
www.zaproxy.org
December 15, 2025 at 3:16 PM
Reposted by Simon Bennetts
The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.
December 4, 2025 at 12:26 PM
Reposted by Simon Bennetts
ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec
ZAP Updates - November 2025
www.zaproxy.org
December 3, 2025 at 3:58 PM
Reposted by Simon Bennetts
New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...
Enhancing ZAP with AI for Bug Bounty Hunting
Building an intelligent security testing system that leverages ZAP’s automation capabilities and machine learning to improve vulnerability detection
www.zaproxy.org
November 28, 2025 at 1:53 PM
Reposted by Simon Bennetts
ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec
50 Million Errors in One Day?!
ZAP logged a LOT of errors yesterday - here's why, and what we have already done to address the underlying problems
www.zaproxy.org
November 25, 2025 at 4:43 PM
Reposted by Simon Bennetts
Today’s weekly is the 2.17 Release Candidate! github.com/zaproxy/zapr...
Feedback appreciated
Release w2025-11-24 · zaproxy/zaproxy
File Checksum (SHA-256) ZAP_WEEKLY_D-2025-11-24.zip 6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2
github.com
November 24, 2025 at 6:04 PM
Reposted by Simon Bennetts
The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See www.cloudflarestatus.com for more information.
Cloudflare Status
Welcome to Cloudflare's home for real-time and historical data on system performance.
www.cloudflarestatus.com
November 18, 2025 at 2:35 PM
Reposted by Simon Bennetts
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
October 29, 2025 at 2:50 PM
Reposted by Simon Bennetts
Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
SHH! ZAP Was Not So Silent
A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.
www.zaproxy.org
October 21, 2025 at 3:29 PM
Reposted by Simon Bennetts
New blog post: Alert De-Duplication
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
Alert De-Duplication
How and why we will be reporting fewer “duplicate” alerts in ZAP.
www.zaproxy.org
September 30, 2025 at 1:17 PM
Reposted by Simon Bennetts
🎥 Want to level up your ZAP game?
The @zaproxy.org team has an awesome library of how-tos, demos, and deep dives — all free.

From beginner basics to advanced scripting, it’s all here:
👉 zaproxy.org/videos/

#YouDontKnowZAP
ZAP – Videos
zaproxy.org
September 29, 2025 at 12:18 PM
Reposted by Simon Bennetts
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org/blog/2025-09...

#zaproxy #appsec #wavsep
ZAP is Adopting WAVSEP
www.zaproxy.org
September 8, 2025 at 3:13 PM
Reposted by Simon Bennetts
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...

Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
ZAP Updates - August 2025
www.zaproxy.org
September 2, 2025 at 12:49 PM
Reposted by Simon Bennetts
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
ZAP Help — Translation Project on Crowdin
Help us translate ZAP Help and bring it to the world!
crowdin.com
August 21, 2025 at 2:09 PM