ZAP by Checkmarx
@zaproxy.org
The Worlds Most Popular Web App Scanner.
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
October 29, 2025 at 2:50 PM
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
SHH! ZAP Was Not So Silent
A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.
www.zaproxy.org
October 21, 2025 at 3:29 PM
Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
Solving Caido Labs
In this blog we show how to solve Caido labs using ZAP.
www.zaproxy.org
October 15, 2025 at 2:46 PM
Alert De-Duplication
How and why we will be reporting fewer “duplicate” alerts in ZAP.
www.zaproxy.org
September 30, 2025 at 1:17 PM
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
ZAP is Adopting WAVSEP
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org
September 8, 2025 at 3:13 PM
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
Configuring Scan Policies with Alert Tags
A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...
www.zaproxy.org
September 3, 2025 at 2:15 PM
You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
ZAP Updates - August 2025
Microsoft Online Login Support, forking wavsep and much, much more!
www.zaproxy.org
September 2, 2025 at 12:49 PM
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
crowdin.com/project/zap-...
ZAP Help — Translation Project on Crowdin
Help us translate ZAP Help and bring it to the world!
crowdin.com
August 21, 2025 at 2:09 PM
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
crowdin.com/project/zap-...
We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
Slack
www.zaproxy.org
August 15, 2025 at 10:00 AM
We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
August 13, 2025 at 9:42 AM
All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org
August 1, 2025 at 4:43 PM
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...
ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
July 28, 2025 at 10:17 AM
We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...
There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
The New 'ZAP is Out of Date' Rule
If you are using an old version of ZAP then you might start seeing a new alert…
www.zaproxy.org
July 25, 2025 at 1:33 PM
There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
#zaproxy #appsec
Timing Related Scan Rule Changes
Scan rules related to time based attacks have been split or renamed.
www.zaproxy.org
July 22, 2025 at 1:00 PM
We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
#zaproxy #appsec
None of the major browsers are currently flagging the latest ZAP downloads as suspicious🎉
Thank you to whoever sorted that out!
Thank you to whoever sorted that out!
July 14, 2025 at 12:41 PM
None of the major browsers are currently flagging the latest ZAP downloads as suspicious🎉
Thank you to whoever sorted that out!
Thank you to whoever sorted that out!
As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
Authentication Improvements
We’ve made a lot of improvements in ZAP’s handling of authentication - here’s a summary of the most significant changes we’ve made.
www.zaproxy.org
July 3, 2025 at 12:53 PM
As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
ZAP updates for June:
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
ZAP Updates - June 2025
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org
July 1, 2025 at 2:22 PM
ZAP updates for June:
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
All of the main browsers flag ZAP as dangerous/potential malware, and there doesnt see to be anything we can do about it.
We've updated the Download page www.zaproxy.org/download/
We've updated the Download page www.zaproxy.org/download/
ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
June 30, 2025 at 4:58 PM
All of the main browsers flag ZAP as dangerous/potential malware, and there doesnt see to be anything we can do about it.
We've updated the Download page www.zaproxy.org/download/
We've updated the Download page www.zaproxy.org/download/
An Introduction to ZAP by Checkmarx - Official Version
YouTube video by ZAP
youtu.be
June 30, 2025 at 3:15 PM
Mega add-on update alert!
We've just upload loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...
We've just upload loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...
June 20, 2025 at 1:34 PM
Mega add-on update alert!
We've just upload loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...
We've just upload loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...
We have started to document how to configure ZAP against well known vulnerable apps: www.zaproxy.org/docs/testapps/ Let @psiinon.bsky.social know if you have any feedback or specific requests
ZAP – ZAP Vs Test Apps
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
June 10, 2025 at 3:06 PM
We have started to document how to configure ZAP against well known vulnerable apps: www.zaproxy.org/docs/testapps/ Let @psiinon.bsky.social know if you have any feedback or specific requests