This is huge!
https://www.zaproxy.org/blog/2026-04-01-owasp-ptk-findings-to-zap-alerts/
OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next!
Many thanks to Denis Podgurskii for this great integration.
#zaproxy #owasp #appsec
OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough)
OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST / DAST), optionally auto-start scans on browser launch, and then scan OWASP Juice Shop with all results visible in ZAP.
ZAP
New ZAP Blog Post:
https://www.zaproxy.org/blog/2026-03-27-guided-zap-scans-faster-cicd-feedback-using-sast/
This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework.
Thanks to the Seqra Team!
#zaproxy #appsec
Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis
ZAP
New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
https://www.zaproxy.org/blog/2026-03-19-introducing-deepviolet/
Thanks to Milton Smith
#zaproxy #deepviolet #appsec
Introducing DeepViolet
Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis
ZAP
ZAP Updates - February 2026
February was another busy month for the ZAP project, with improvements across browser automation, GraphQL and the Encode/Decode/Hash add-on.
ZAP
Do you need even more control over the browsers that you can launch from ZAP?
You’ve got it!
https://www.zaproxy.org/blog/2026-02-24-custom-browsers-and-preferences/
#zaproxy #appsec
Custom Browsers and Preferences
You can now add custom browsers to ZAP and manage any browser preferences.
ZAP
Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/
#zaproxy #appsec #cyberchef
Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts
ZAP
Detecting Circular Type References in GraphQL Schemas
ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.
ZAP
New blog post:
https://www.zaproxy.org/blog/2026-02-02-zap-updates-2025-highlights-2026-plans/
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai
ZAP Updates - 2025 Highlights and Plans for 2026
ZAP
New “Getting Further with ZAP Scripting” pages:
https://www.zaproxy.org/docs/getting-further/scripting/
Looking for something more? Let @psiinon know!
ZAP – Getting Further with ZAP Scripting
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.