@zaproxy profile picture
Zed Attack Proxy @zaproxy

Official announcements (low vol) for ZAP by @Checkmarx - the worlds most popular web app scanner. Free and open source. infosec.exchange/@zaproxy

Joined June 2011
  • Tweets 967
  • Following 5
  • Followers 15,386
69 Photos and videos
Pinned Tweet
Zed Attack Proxy@zaproxy
1 Jan 2021
Want to learn more about ZAP? The latest tutorial videos are all linked off zaproxy.org/videos/ - we're adding to them all of the time.

6
45
98
ZAP now has a dedicated OWASP PTK active scan rule, so you can run the PTK rules in the ZAP active scanner. Check out the dramatic improvement in the scores vs Google Firing Range! zaproxy.org/blog/2026-06-05-… #zaproxy #owaspptk #appsec

Automating OWASP PTK with ZAP (Phase 2)

ZAP now has a dedicated PTK active scan rule, so you can run the PTK rules in the ZAP active scanner. And there are still more changes planned, but the results against Firing Range have been dramatic!

zaproxy.org
7
6
1,930
In May ZAP learned to scan MCP servers as a first-class target, OWASP PTK automation reached Phase 1, and the Params extension moved out of the core into its own add-on. zaproxy.org/blog/2026-06-02-… #zaproxy #appsec

ZAP Updates - May 2026

In May ZAP learned to scan MCP servers as a first-class target, OWASP PTK automation reached Phase 1, and the Params extension moved out of the core into its own add-on.

zaproxy.org
9
7
831
ZAP can now scan MCP Servers, in the Desktop, Automation Framework and in a new GitHub Action. Read all about it on the blog: zaproxy.org/blog/2026-05-21-… #zaproxy #appsec #mcp

Scanning MCP Servers with ZAP

ZAP can now scan MCP (Model Context Protocol) servers as a first-class target. Import an MCP server from the ZAP desktop or the Automation Framework, or run the new action-mcp-scan GitHub Action to...

zaproxy.org
15
27
1,817
ZAP April report zaproxy.org/blog/2026-05-01-… Nearly 10 Million runs, and over 15,000 GitHub stars! #zaproxy #appsec

ZAP Updates - April 2026

ZAP was started nearly 10 million times in April, and the main zaproxy repo hit 15,000 GitHub stars. Read on for blog post summaries and the full add-on changelog.

zaproxy.org
3
7
438
Blog: Automating OWASP PTK with ZAP (Phase 1) You can now automate @OWASP @pentestkit using ZAP zaproxy.org/blog/2026-05-06-… #zaproxy #owasp #appsec

Automating OWASP PTK with ZAP (Phase 1)

ZAP’s Automation Framework can now drive OWASP PTK scans using the Client Spider. This is an early release - we want you to try it and give us feedback while we work toward deeper integration with...

zaproxy.org
9
20
3,448
Shout out to github.com/sariseko55 for being the 15,000th person to star ⭐️ the @zaproxy core repo on Friday the 17th 🎉 #GitHub #Achievement

sariseko55 - Overview

sariseko55 has 2 repositories available. Follow their code on GitHub.

github.com
2
7
499
Blog: Vibe coding security fixes. zaproxy.org/blog/2026-04-15-… Learn how ZAP can help you make your vibe coded projects more secure. #zaproxy #vibecoding #appsec

Vibe Coding Security Fixes

ZAP now has a “Generate Fix Prompt” option that copies everything an LLM needs to fix a vulnerability straight to your clipboard. Also: ZAP was run 9.5 million times in March. Vibe coding, anyone?

zaproxy.org
7
9
735
Guest Blog: zaproxy.org/blog/2026-04-13-… Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment. ℅ Trevor Mountney #zaproxy #kubernetes #appsec

Use ZAP with KRO in Kubernetes

Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.

zaproxy.org
2
10
715
Blog: ZAP Updates for March: zaproxy.org/blog/2026-04-03-… ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects Cc @javamuffinztx @seqradev @pentestkit #zaproxy #appsec

ZAP Updates - March 2026

ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.

zaproxy.org
1
9
23
1,376
Introducing the ZAP MCP Server zaproxy.org/blog/2026-04-02-… #zaproxy #mcp #ai #appsec

The ZAP MCP Server

Connect AI assistants like Claude and ChatGPT to ZAP via the Model Context Protocol. Start scans, read alerts, and explore your application—all through natural conversation.

zaproxy.org
12
37
2,876
We are delighted to announce that Denis Podgurskii @pentestkit is now officially part of the ZAP Extended Team: zaproxy.org/docs/team/denis/
5
20
1,581
This is huge! zaproxy.org/blog/2026-04-01-… OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next! Many thanks to @pentestkit for this great integration. #zaproxy #owasp #appsec

OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough)

OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST...

zaproxy.org
1
12
25
1,521
New ZAP Blog Post: zaproxy.org/blog/2026-03-27-… This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines. Thanks to @seqradev ! #zaproxy #appsec

Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis

This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines,...

zaproxy.org
10
23
1,968
Zed Attack Proxy retweeted
Zed Attack Proxy@zaproxy
Mar 19
New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis zaproxy.org/blog/2026-03-19-… Thanks to @javamuffinztx

Introducing DeepViolet

Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis

zaproxy.org
10
20
1,624
New blog post: ZAP Updates - February 2026 zaproxy.org/blog/2026-03-02-… #zaproxy #appsec

ZAP Updates - February 2026

February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.

zaproxy.org
7
15
1,526
Zed Attack Proxy retweeted
Zed Attack Proxy@zaproxy
Feb 25
Do you need even more control over the browsers that you can launch from ZAP? You’ve got it! zaproxy.org/blog/2026-02-24-… #zaproxy #appsec

Custom Browsers and Preferences

You can now add custom browsers to ZAP and manage any browser preferences.

zaproxy.org
2
5
680
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow. zaproxy.org/blog/2026-02-17-… #zaproxy #appsec #cyberchef

Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

zaproxy.org
7
16
839
Released add-ons today: GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing. OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule, the JS Engine memory leak has been addressed. #AppSec #DevSecOps #WebAppSec #BugBountyTips
8
16
1,083
Load more