Zed Attack Proxy

Want to learn more about ZAP? The latest tutorial videos are all linked off zaproxy.org/videos/ - we're adding to them all of the time.

New ZAP Blog Post: Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis zaproxy.org/blog/2026-03-1… Thanks to @javamuffinztx

New blog post: ZAP Updates - February 2026 zaproxy.org/blog/2026-03-0… #zaproxy #appsec

Do you need even more control over the browsers that you can launch from ZAP? You’ve got it! zaproxy.org/blog/2026-02-2… #zaproxy #appsec

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow. zaproxy.org/blog/2026-02-1… #zaproxy #appsec #cyberchef

Released add-ons today: GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing. OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule, the JS Engine memory leak has been addressed. #AppSec #DevSecOps #WebAppSec #BugBountyTips

New Blog Post: Detecting Circular Type References in GraphQL Schemas zaproxy.org/blog/2026-02-0… #zaproxy #appsec #graphql

New blog post: zaproxy.org/blog/2026-02-0… Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration! #zaproxy #appsec #ai

We have made a good start on #AI integration in @zaproxy We know some of you will be very anti-AI, so this will be optional and opt-in. We have lots of plans, but feedback also appreciated - what integrations would you really like to see .. or not see?

We have released a new version of the graaljs add-on which we believe fixes the memory leak. Please update and let @psiinon know if that fixes the problem for you.

The weekly and live docker images have also been updated. We are still working on the underlying fix.

We have become aware of a memory leak in the JavaScript engine. That has probably been there for some time, but will now affect anyone using the active scan due to the addition of a new JS scan rule in the OpenAPI add-on. We are working on a fix as a matter of urgency.

Reposting this write-up - if you try the add-on, break it (politely) and tell me what you’d like to see next. Bugs, issues, and reviews genuinely help. cybersecuritynews.com/zap-owasp-pent…

zaproxy.org/blog/2026-01-1… #zaproxy #owasp #appsec

New “Getting Further with ZAP Scripting” pages: zaproxy.org/docs/getting-f… Looking for something more? Let @psiinon know!

ZAP 2.17.0 is now available! It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans. zaproxy.org/blog/2025-12-1… #zaproxy #appsec

New blog post: #React2Shell Detection with ZAP zaproxy.org/blog/2025-12-0… #zaproxy #appsec

The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.