Author | Lightnews

ZAP by Checkmarx

ZAP by Checkmarx

@zaproxy.org

1.1K followers 3 following 48 posts

The Worlds Most Popular Web App Scanner.

Posts Media Videos Starter Packs

ZAP by Checkmarx @zaproxy.org · 4d

We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.

ZAP by Checkmarx @zaproxy.org · 12d

Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...

SHH! ZAP Was Not So Silent

A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · 18d

ZAP Blog: How to solve the Caido Labs using ZAP
www.zaproxy.org/blog/2025-10...
c/o 5ubterranean_

Solving Caido Labs

In this blog we show how to solve Caido labs using ZAP.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Oct 1

ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy #appsec

ZAP Updates - September 2025

Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Sep 30

New blog post: Alert De-Duplification
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

Alert De-Duplication

How and why we will be reporting fewer “duplicate” alerts in ZAP.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Sep 8

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org/blog/2025-09...

#zaproxy #appsec #wavsep

ZAP is Adopting WAVSEP

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Sep 3

You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

Configuring Scan Policies with Alert Tags

A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Sep 2

ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...

Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec

ZAP Updates - August 2025

Microsoft Online Login Support, forking wavsep and much, much more!

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Aug 21

All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...

ZAP Help — Translation Project on Crowdin

Help us translate ZAP Help and bring it to the world!

ZAP by Checkmarx @zaproxy.org · Aug 15

We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Aug 13

All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec

ZAP – Download

The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Aug 1

ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec

ZAP Updates - July 2025

Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jul 30

Because they are not being updated. The maintained Docker images are under the "zaproxy" org.

ZAP by Checkmarx @zaproxy.org · Jul 30

Yesterday there were more than 25K ZAP scans run using old versions of ZAP. These are no longer being maintained.
Update your ZAP installs now!
#zaproxy #appsec

ZAP by Checkmarx @zaproxy.org · Jul 28

We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...

ZAP – Download

The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jul 25

There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

The New 'ZAP is Out of Date' Rule

If you are using an old version of ZAP then you might start seeing a new alert…

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jul 22

We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

Timing Related Scan Rule Changes

Scan rules related to time based attacks have been split or renamed.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jul 14

None of the major browsers are currently flagging the latest ZAP downloads as suspicious🎉
Thank you to whoever sorted that out!

ZAP by Checkmarx @zaproxy.org · Jul 10

ZAP now has full support for Microsoft Edge 😀
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

ZAP now has “tier 1” support for Microsoft Edge, including exploring, crawling, and attacking.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jul 3

As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

Authentication Improvements

We’ve made a lot of improvements in ZAP’s handling of authentication - here’s a summary of the most significant changes we’ve made.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jul 1

ZAP updates for June:
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

ZAP Updates - June 2025

A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jun 30

All of the main browsers flag ZAP as dangerous/potential malware, and there doesnt see to be anything we can do about it.
We've updated the Download page www.zaproxy.org/download/

ZAP – Download

The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

www.zaproxy.org

ZAP by Checkmarx @zaproxy.org · Jun 30

Still unsure of what ZAP does?
See this video..
youtu.be/yywD8ebNn6o
#zaproxy #dast #appsec

An Introduction to ZAP by Checkmarx - Official Version

YouTube video by ZAP

ZAP by Checkmarx @zaproxy.org · Jun 20

Mega add-on update alert!
We've just upload loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...

ZAP by Checkmarx @zaproxy.org · Jun 10

We have started to document how to configure ZAP against well known vulnerable apps: www.zaproxy.org/docs/testapps/ Let @psiinon.bsky.social know if you have any feedback or specific requests

ZAP – ZAP Vs Test Apps

The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

www.zaproxy.org