Blog: Vibe coding security fixes.
https://www.zaproxy.org/blog/2026-04-15-vibe-coding-security-fixes/Learn how ZAP can help you make your vibe coded projects more secure.
#zaproxy #vibecoding #appsec
Vibe Coding Security Fixes
ZAP now has a “Generate Fix Prompt” option that copies everything an LLM needs to fix a vulnerability straight to your clipboard. Also: ZAP was run 9.5 million times in March. Vibe coding, anyone?
Guest Blog:
https://www.zaproxy.org/blog/2026-04-13-use-zap-with-kro-in-kubernetes/Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.
℅ Trevor Mountney
#zaproxy #kubernetes #appsecUse ZAP with KRO in Kubernetes
Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.
Blog: ZAP Updates for March:
https://www.zaproxy.org/blog/2026-04-03-zap-updates-march-2026/ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
#zaproxy #appsec
ZAP Updates - March 2026
ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.
The ZAP MCP Server
Connect AI assistants like Claude and ChatGPT to ZAP via the Model Context Protocol. Start scans, read alerts, and explore your application—all through natural conversation.
This is huge!
https://www.zaproxy.org/blog/2026-04-01-owasp-ptk-findings-to-zap-alerts/OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next!
Many thanks to Denis Podgurskii for this great integration.
#zaproxy #owasp #appsecOWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough)
OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST / DAST), optionally auto-start scans on browser launch, and then scan OWASP Juice Shop with all results visible in ZAP.
New ZAP Blog Post:
https://www.zaproxy.org/blog/2026-03-27-guided-zap-scans-faster-cicd-feedback-using-sast/This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework.
Thanks to the Seqra Team!
#zaproxy #appsec
Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis
This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework.
New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
https://www.zaproxy.org/blog/2026-03-19-introducing-deepviolet/Thanks to Milton Smith
#zaproxy #deepviolet #appsec
Introducing DeepViolet
Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
ZAP Updates - February 2026
February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.
Do you need even more control over the browsers that you can launch from ZAP?
You’ve got it!
https://www.zaproxy.org/blog/2026-02-24-custom-browsers-and-preferences/#zaproxy #appsecCustom Browsers and Preferences
You can now add custom browsers to ZAP and manage any browser preferences.
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/#zaproxy #appsec #cyberchef
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
