Simon Bennetts's Avatar

Simon Bennetts

@psiinon.bsky.social

ZAP Project Lead

1,036 Followers  |  135 Following  |  27 Posts  |  Joined: 25.07.2023  |  1.7643

Latest posts by psiinon.bsky.social on Bluesky

Preview
ZAP Updates - July 2025 Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.

ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec

01.08.2025 16:43 β€” πŸ‘ 3    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

Yesterday there were more than 25K ZAP scans run using old versions of ZAP. These are no longer being maintained.
Update your ZAP installs now!
#zaproxy #appsec

30.07.2025 11:00 β€” πŸ‘ 8    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...

28.07.2025 10:17 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0
Preview
The New 'ZAP is Out of Date' Rule If you are using an old version of ZAP then you might start seeing a new alert…

There is a new "ZAP is Out of Date" scan rule - learn more about it via this blog post
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

25.07.2025 13:33 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1
Preview
Timing Related Scan Rule Changes Scan rules related to time based attacks have been split or renamed.

We've recently made some requested changes to the naming and implementation of scan rules which used Time Based attacks. @kingthorin.bsky.social has written about it here: www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

22.07.2025 13:00 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1
Preview
UK jobs market weakens as unemployment rate rises The official data shows wage growth has slowed while the number of vacancies continues to fall.

Here's an idea.

Corporation tax currently taxes profits.

Instead tax profits divided by the total wage bill of all those who's pay is below the median pay for the company.

www.bbc.co.uk/news/article...

17.07.2025 17:15 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

None of the major browsers are currently flagging the latest ZAP downloads as suspiciousπŸŽ‰
Thank you to whoever sorted that out!

14.07.2025 12:41 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Edge Support ZAP now has β€œtier 1” support for Microsoft Edge, including exploring, crawling, and attacking.

ZAP now has full support for Microsoft Edge πŸ˜€
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

10.07.2025 13:08 β€” πŸ‘ 7    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
Preview
Authentication Improvements We’ve made a lot of improvements in ZAP’s handling of authentication - here’s a summary of the most significant changes we’ve made.

As promised, here is the first set of documentation for all of the authentication improvements the team has been working on
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

03.07.2025 12:53 β€” πŸ‘ 6    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
Preview
ZAP Updates - June 2025 A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.

ZAP updates for June:
A new Intro video, lots of authentication work, and more news on the ZAP browser extensions.
www.zaproxy.org/blog/2025-07...
#zaproxy #appsec

01.07.2025 14:22 β€” πŸ‘ 5    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

All of the main browsers flag ZAP as dangerous/potential malware, and there doesnt see to be anything we can do about it.
We've updated the Download page www.zaproxy.org/download/

30.06.2025 16:58 β€” πŸ‘ 4    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
An Introduction to ZAP by Checkmarx - Official Version
YouTube video by ZAP An Introduction to ZAP by Checkmarx - Official Version

Still unsure of what ZAP does?
See this video..
youtu.be/yywD8ebNn6o
#zaproxy #dast #appsec

30.06.2025 15:15 β€” πŸ‘ 6    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
GitHub - psiinon/owasp-top-10-top-10s Contribute to psiinon/owasp-top-10-top-10s development by creating an account on GitHub.

Introducing the Top 10 @owasp.org Top 10s!
github.com/psiinon/owas...

20.06.2025 16:00 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Mega add-on update alert!
We've just upload loads of add-ons, so update your ZAP instances ASAP.
Lots of authentication improvements have been included, more details coming soon ...

20.06.2025 13:34 β€” πŸ‘ 6    πŸ” 3    πŸ’¬ 0    πŸ“Œ 0
ZAP – ZAP Vs Test Apps The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

We have started to document how to configure ZAP against well known vulnerable apps: www.zaproxy.org/docs/testapps/ Let @psiinon.bsky.social know if you have any feedback or specific requests

10.06.2025 15:06 β€” πŸ‘ 8    πŸ” 3    πŸ’¬ 0    πŸ“Œ 1
Preview
Chrome 137 removed the "--load-extension" option. (Major situation!) Β· Issue #3771 Β· seleniumbase/SeleniumBase Chrome 137 removed the --load-extension option. (Major situation!) Specifically, Chrome-branded Chromium removed the --load-extension option in Chrome 137. (This doesn't affect Chrome-for-Testing, ...

Looks like its this github.com/seleniumbase...

06.06.2025 10:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

The latest version of Chrome no longer loads extension added via @seleniumhq.bsky.social πŸ˜’
Has anyone else seen this, or have a workaround?

06.06.2025 10:31 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
ZAP – Is My App Security Testable? The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

www.zaproxy.org/docs/getting...
#zaproxy #appsec

15.05.2025 13:15 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
ZAP Updates - April 2025 April 2025 updates and ongoing feature development statuses.

Heres what the ZAP team have been working on during April www.zaproxy.org/blog/2025-05...

06.05.2025 14:24 β€” πŸ‘ 7    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Release v17.3.0 Β· juice-shop/juice-shop Β· GitHub πŸ…°οΈ Frontend Updated frontend to Angular 19.x and Angular Material 19.x 🎨 User Interface #2541: Language selection dropdown is now searchable to make finding your preferred language even faster! ...

We just released v17.3.0! It brings Juice Shop to #Angular 19, fixes the non-default theme colors, and adds a convenient search filter to the language selection! Full release notes: github.com/juice-shop/j...

22.04.2025 22:24 β€” πŸ‘ 11    πŸ” 6    πŸ’¬ 0    πŸ“Œ 0
Preview
GitHub - al-sultani/prokzee: A cross-platform desktop application for HTTP/HTTPS traffic interception and analysis, built with Go. Features modern UI, traffic manipulation tools, request resending, fu... A cross-platform desktop application for HTTP/HTTPS traffic interception and analysis, built with Go. Features modern UI, traffic manipulation tools, request resending, fuzzing capabilities, and AI...

I've just added github.com/al-sultani/p... to github.com/psiinon/open...

29.04.2025 08:28 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
ZAP Wins Inaugural DefectDojo Award for Open-Source Cybersecurity ZAP was recognised as being one of the best dynamic application security testing (DAST) Tools.

ZAP just won an award! Thanks DefectDojo!
www.zaproxy.org/blog/2025-04...
#zaproxy #appsec #award

22.04.2025 13:33 β€” πŸ‘ 6    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

113 years ago tonight, the Titanic struck an iceberg, as a result of hubris, greed and denial. It wouldn’t happen now, of course, as all the icebergs seem to be melting. For the same reasons.

14.04.2025 08:43 β€” πŸ‘ 74    πŸ” 19    πŸ’¬ 3    πŸ“Œ 0

Now that the performance of #owasp #wrongsecrets is restored (200rps on a Heroku free Dyno) feel free to use #zap against it ;-).

13.04.2025 06:47 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

I have created a free, downloadable, secure coding guideline (22 pages), from my new book, Alice and Bob Learn Secure Coding. You can download it, and sign up for my newsletter, at the link below. Feel free to adopt it at work!
newsletter.shehacksp...

10.04.2025 16:26 β€” πŸ‘ 5    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

Big thanks to
@psiinon.bsky.social @kingthorin.bsky.social and all
@zaproxy.org contribs for your work on #ZAP #zaproxy. Amazing #infosec #Pentesting tool. Huge thanks to @checkmarxzero.bsky.social & @crashappsec.bsky.social for supporting this important project. #WebAppSec #AppSec

09.04.2025 20:46 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0
Preview
PortSwigger Labs: Broken Brute-Force Protection, IP Block Walkthrough for the PortSwigger lab, β€œBroken brute-force protection, IP block”.

New ZAP blog post c/o Jemimah O www.zaproxy.org/blog/2025-04...
#zaproxy #appsec

09.04.2025 11:12 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

Brexit was the UK shooting itself in the foot.

We're about to see what happens after the USA has just shot itself in both feet.

02.04.2025 22:13 β€” πŸ‘ 15    πŸ” 5    πŸ’¬ 7    πŸ“Œ 0

πŸ“―YOUR INPUT IS NEEDED!πŸ“―

@OWASP ASVS version 5.0 release candidate is ready for review.

The final version is planned for the end of May. We want your feedback before then!

Can devs understand it? How about testers? Anything missing?

Dive into GitHub and let us know!

1/2

31.03.2025 15:40 β€” πŸ‘ 7    πŸ” 5    πŸ’¬ 1    πŸ“Œ 1
Preview
ZAP Updates - March 2025 We released 2.16.1 and made more authentication handling improvements.

The monthly ZAP Update Blog Post: www.zaproxy.org/blog/2025-04...
#zaproxy #appsec

02.04.2025 12:13 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

@psiinon is following 19 prominent accounts