Simon Bennetts

@psiinon.bsky.social

ZAP Project Lead

1,046 Followers  |  136 Following  |  27 Posts  |  Joined: 25.07.2023  |  1.6026

Latest posts by psiinon.bsky.social on Bluesky

We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.

29.10.2025 14:50 — 👍 1    🔁 1    💬 0    📌 0
SHH! ZAP Was Not So Silent A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.

Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...

21.10.2025 15:29 — 👍 3    🔁 2    💬 0    📌 0
ZAP Updates - September 2025 Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.

ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy #appsec

01.10.2025 12:55 — 👍 3    🔁 2    💬 0    📌 0
Alert De-Duplication How and why we will be reporting fewer “duplicate” alerts in ZAP.

New blog post: Alert De-Duplication
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

30.09.2025 13:17 — 👍 3    🔁 3    💬 0    📌 0
ZAP – Videos The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

🎥 Want to level up your ZAP game?
The @zaproxy.org team has an awesome library of how-tos, demos, and deep dives — all free.

From beginner basics to advanced scripting, it’s all here:
👉 zaproxy.org/videos/

#YouDontKnowZAP

29.09.2025 12:18 — 👍 3    🔁 2    💬 0    📌 0
ZAP is Adopting WAVSEP The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org/blog/2025-09...

#zaproxy #appsec #wavsep

08.09.2025 15:13 — 👍 1    🔁 1    💬 0    📌 0
Configuring Scan Policies with Alert Tags A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...

You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

03.09.2025 14:15 — 👍 4    🔁 2    💬 0    📌 0
ZAP Updates - August 2025 Microsoft Online Login Support, forking wavsep and much, much more!

ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...

Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec

02.09.2025 12:49 — 👍 2    🔁 1    💬 0    📌 0
ZAP Help — Translation Project on Crowdin Help us translate ZAP Help and bring it to the world!

All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...

21.08.2025 14:09 — 👍 3    🔁 1    💬 0    📌 0
Slack

We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !

15.08.2025 10:00 — 👍 2    🔁 2    💬 0    📌 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec

13.08.2025 09:42 — 👍 5    🔁 2    💬 0    📌 0
ZAP Updates - July 2025 Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.

ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec

01.08.2025 16:43 — 👍 3    🔁 2    💬 0    📌 0

Yesterday there were more than 25K ZAP scans run using old versions of ZAP. These are no longer being maintained.
Update your ZAP installs now!
#zaproxy #appsec

30.07.2025 11:00 — 👍 8    🔁 3    💬 0    📌 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...

28.07.2025 10:17 — 👍 5    🔁 2    💬 1    📌 0
The New 'ZAP is Out of Date' Rule If you are using an old version of ZAP then you might start seeing a new alert…

There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

25.07.2025 13:33 — 👍 3    🔁 1    💬 0    📌 1
Timing Related Scan Rule Changes Scan rules related to time based attacks have been split or renamed.

We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

22.07.2025 13:00 — 👍 2    🔁 1    💬 0    📌 1
UK jobs market weakens as unemployment rate rises The official data shows wage growth has slowed while the number of vacancies continues to fall.

Here's an idea.

Corporation tax currently taxes profits.

Instead tax profits divided by the total wage bill of all those whose pay is below the median pay for the company.

www.bbc.co.uk/news/article...

17.07.2025 17:15 — 👍 4    🔁 1    💬 0    📌 0

None of the major browsers are currently flagging the latest ZAP downloads as suspicious 🎉
Thank you to whoever sorted that out!

14.07.2025 12:41 — 👍 3    🔁 1    💬 0    📌 0
Edge Support ZAP now has “tier 1” support for Microsoft Edge, including exploring, crawling, and attacking.

ZAP now has full support for Microsoft Edge 😀
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

10.07.2025 13:08 — 👍 6    🔁 3    💬 0    📌 0
Authentication Improvements We’ve made a lot of improvements in ZAP’s handling of authentication - here’s a summary of the most significant changes we’ve made.

As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

03.07.2025 12:53 — 👍 6    🔁 3    💬 0    📌 0
ZAP Updates - June 2025 A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.

ZAP updates for June:
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

01.07.2025 14:22 — 👍 5    🔁 2    💬 0    📌 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

All of the main browsers flag ZAP as dangerous/potential malware, and there doesn't seem to be anything we can do about it.
We've updated the Download page www.zaproxy.org/download/

30.06.2025 16:58 — 👍 4    🔁 3    💬 0    📌 0
An Introduction to ZAP by Checkmarx - Official Version
YouTube video by ZAP An Introduction to ZAP by Checkmarx - Official Version

Still unsure of what ZAP does?
See this video..
youtu.be/yywD8ebNn6o
#zaproxy #dast #appsec

30.06.2025 15:15 — 👍 6    🔁 2    💬 0    📌 0
GitHub - psiinon/owasp-top-10-top-10s Contribute to psiinon/owasp-top-10-top-10s development by creating an account on GitHub.

Introducing the Top 10 @owasp.org Top 10s!
github.com/psiinon/owas...

20.06.2025 16:00 — 👍 2    🔁 0    💬 0    📌 0

Mega add-on update alert!
We've just uploaded loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...

20.06.2025 13:34 — 👍 6    🔁 3    💬 0    📌 0
ZAP – ZAP Vs Test Apps The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

We have started to document how to configure ZAP against well known vulnerable apps: www.zaproxy.org/docs/testapps/ Let @psiinon.bsky.social know if you have any feedback or specific requests

10.06.2025 15:06 — 👍 8    🔁 3    💬 0    📌 1
Chrome 137 removed the "--load-extension" option. (Major situation!) · Issue #3771 · seleniumbase/SeleniumBase Chrome 137 removed the --load-extension option. (Major situation!) Specifically, Chrome-branded Chromium removed the --load-extension option in Chrome 137. (This doesn't affect Chrome-for-Testing, ...

Looks like it's this github.com/seleniumbase...

06.06.2025 10:48 — 👍 0    🔁 0    💬 0    📌 0

The latest version of Chrome no longer loads extensions added via @seleniumhq.bsky.social 😒
Has anyone else seen this, or have a workaround?

06.06.2025 10:31 — 👍 0    🔁 0    💬 1    📌 0
ZAP – Is My App Security Testable? The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

www.zaproxy.org/docs/getting...
#zaproxy #appsec

15.05.2025 13:15 — 👍 3    🔁 1    💬 0    📌 0
ZAP Updates - April 2025 April 2025 updates and ongoing feature development statuses.

Here's what the ZAP team have been working on during April www.zaproxy.org/blog/2025-05...

06.05.2025 14:24 — 👍 7    🔁 2    💬 0    📌 0
