This is huge!
https://www.zaproxy.org/blog/2026-04-01-owasp-ptk-findings-to-zap-alerts/
OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next!
Many thanks to Denis Podgurskii for this great integration.
#zaproxy #owasp #appsec
OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough)
OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST / DAST), optionally auto-start scans on browser launch, and then scan OWASP Juice Shop with all results visible in ZAP.
New ZAP Blog Post:
https://www.zaproxy.org/blog/2026-03-27-guided-zap-scans-faster-cicd-feedback-using-sast/
This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework.
Thanks to the Seqra Team!
#zaproxy #appsec
Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis
New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
https://www.zaproxy.org/blog/2026-03-19-introducing-deepviolet/
Thanks to Milton Smith
#zaproxy #deepviolet #appsec
Introducing DeepViolet
Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
ZAP Updates - February 2026
February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.
Do you need even more control over the browsers that you can launch from ZAP?
You’ve got it!
https://www.zaproxy.org/blog/2026-02-24-custom-browsers-and-preferences/
#zaproxy #appsec
Custom Browsers and Preferences
You can now add custom browsers to ZAP and manage any browser preferences.
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/
#zaproxy #appsec #cyberchef
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts
That was genuinely a good tutorial. <3
#zaproxy
Detecting Circular Type References in GraphQL Schemas
ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.
New blog post:
https://www.zaproxy.org/blog/2026-02-02-zap-updates-2025-highlights-2026-plans/
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai
ZAP Updates - 2025 Highlights and Plans for 2026