ZAP by Checkmarx
@zaproxy.org
The Worlds Most Popular Web App Scanner.
ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec
ZAP 2.17.0
ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of “duplicate” alerts reported.
www.zaproxy.org
December 15, 2025 at 3:16 PM
ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec
The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.
December 4, 2025 at 12:26 PM
The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.
ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec
ZAP Updates - November 2025
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
www.zaproxy.org
December 3, 2025 at 3:58 PM
ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec
New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...
www.zaproxy.org/blog/2025-11...
Enhancing ZAP with AI for Bug Bounty Hunting
Building an intelligent security testing system that leverages ZAP’s automation capabilities and machine learning to improve vulnerability detection
www.zaproxy.org
November 28, 2025 at 1:53 PM
New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...
www.zaproxy.org/blog/2025-11...
ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec
50 Million Errors in One Day?!
ZAP logged a LOT of errors yesterday - heres why, and what we have already done to address the underlying problems
www.zaproxy.org
November 25, 2025 at 4:43 PM
ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec
Today’s weekly is the 2.17 Release Candidate! github.com/zaproxy/zapr...
Feedback appreciated
Feedback appreciated
Release w2025-11-24 · zaproxy/zaproxy
File
Checksum (SHA-256)
ZAP_WEEKLY_D-2025-11-24.zip
6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2
github.com
November 24, 2025 at 6:04 PM
Today’s weekly is the 2.17 Release Candidate! github.com/zaproxy/zapr...
Feedback appreciated
Feedback appreciated
The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See www.cloudflarestatus.com for more information.
See www.cloudflarestatus.com for more information.
Cloudflare Status
Welcome to Cloudflare's home for real-time and historical data on system performance.
www.cloudflarestatus.com
November 18, 2025 at 2:35 PM
The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See www.cloudflarestatus.com for more information.
See www.cloudflarestatus.com for more information.
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
October 29, 2025 at 2:50 PM
We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.
Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
SHH! ZAP Was Not So Silent
A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.
www.zaproxy.org
October 21, 2025 at 3:29 PM
Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...
Solving Caido Labs
In this blog we show how to solve Caido labs using ZAP.
www.zaproxy.org
October 15, 2025 at 2:46 PM
Alert De-Duplication
How and why we will be reporting fewer “duplicate” alerts in ZAP.
www.zaproxy.org
September 30, 2025 at 1:17 PM
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
ZAP is Adopting WAVSEP
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org
September 8, 2025 at 3:13 PM
The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec #wavsep
You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
Configuring Scan Policies with Alert Tags
A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...
www.zaproxy.org
September 3, 2025 at 2:15 PM
You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
ZAP Updates - August 2025
Microsoft Online Login Support, forking wavsep and much, much more!
www.zaproxy.org
September 2, 2025 at 12:49 PM
ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
www.zaproxy.org/blog/2025-09...
Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
crowdin.com/project/zap-...
ZAP Help — Translation Project on Crowdin
Help us translate ZAP Help and bring it to the world!
crowdin.com
August 21, 2025 at 2:09 PM
All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...
crowdin.com/project/zap-...
We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
Slack
www.zaproxy.org
August 15, 2025 at 10:00 AM
We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !
All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
August 13, 2025 at 9:42 AM
All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org
August 1, 2025 at 4:43 PM
ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec
We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...
ZAP – Download
The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.
www.zaproxy.org
July 28, 2025 at 10:17 AM
We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...
There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
The New 'ZAP is Out of Date' Rule
If you are using an old version of ZAP then you might start seeing a new alert…
www.zaproxy.org
July 25, 2025 at 1:33 PM
There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
#zaproxy #appsec
Timing Related Scan Rule Changes
Scan rules related to time based attacks have been split or renamed.
www.zaproxy.org
July 22, 2025 at 1:00 PM
We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec
#zaproxy #appsec