Zed Attack Proxy

Want to learn more about ZAP? The latest tutorial videos are all linked off zaproxy.org/videos/ - we're adding to them all of the time.

ZAP April report zaproxy.org/blog/2026-05-0… Nearly 10 Million runs, and over 15,000 GitHub stars! #zaproxy #appsec

Blog: Automating OWASP PTK with ZAP (Phase 1) You can now automate @OWASP @pentestkit using ZAP zaproxy.org/blog/2026-05-0… #zaproxy #owasp #appsec

Shout out to github.com/sariseko55 for being the 15,000th person to star ⭐️ the @zaproxy core repo on Friday the 17th 🎉 #GitHub #Achievement

Blog: Vibe coding security fixes. zaproxy.org/blog/2026-04-1… Learn how ZAP can help you make your vibe coded projects more secure. #zaproxy #vibecoding #appsec

Guest Blog: zaproxy.org/blog/2026-04-1… Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment. ℅ Trevor Mountney #zaproxy #kubernetes #appsec

Blog: ZAP Updates for March: zaproxy.org/blog/2026-04-0… ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects Cc @javamuffinztx @seqradev @pentestkit #zaproxy #appsec

Introducing the ZAP MCP Server zaproxy.org/blog/2026-04-0… #zaproxy #mcp #ai #appsec

We are delighted to announce that Denis Podgurskii @pentestkit is now officially part of the ZAP Extended Team: zaproxy.org/docs/team/deni…

This is huge! zaproxy.org/blog/2026-04-0… OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next! Many thanks to @pentestkit for this great integration. #zaproxy #owasp #appsec

New ZAP Blog Post: zaproxy.org/blog/2026-03-2… This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines. Thanks to @seqradev ! #zaproxy #appsec

New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis zaproxy.org/blog/2026-03-1… Thanks to @javamuffinztx

New blog post: ZAP Updates - February 2026 zaproxy.org/blog/2026-03-0… #zaproxy #appsec

Do you need even more control over the browsers that you can launch from ZAP? You’ve got it! zaproxy.org/blog/2026-02-2… #zaproxy #appsec

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow. zaproxy.org/blog/2026-02-1… #zaproxy #appsec #cyberchef

Released add-ons today: GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing. OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule, the JS Engine memory leak has been addressed. #AppSec #DevSecOps #WebAppSec #BugBountyTips

New Blog Post: Detecting Circular Type References in GraphQL Schemas zaproxy.org/blog/2026-02-0… #zaproxy #appsec #graphql

New blog post: zaproxy.org/blog/2026-02-0… Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration! #zaproxy #appsec #ai

We have made a good start on #AI integration in @zaproxy We know some of you will be very anti-AI, so this will be optional and opt-in. We have lots of plans, but feedback also appreciated - what integrations would you really like to see .. or not see?