Simon Bennetts

@psiinon.bsky.social

ZAP Project Lead

1,070 Followers  |  136 Following  |  28 Posts  |  Joined: 25.07.2023
Posts by Simon Bennetts (@psiinon.bsky.social)

Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #cyberchef

17.02.2026 17:06 — 👍 4    🔁 3    💬 0    📌 0
Detecting Circular Type References in GraphQL Schemas ZAP can now detect cycles in GraphQL schemas that could lead to denial of service attacks.

New Blog Post: Detecting Circular Type References in GraphQL Schemas
www.zaproxy.org/blog/2026-02...
#zaproxy #appsec #graphql

06.02.2026 12:27 — 👍 4    🔁 1    💬 0    📌 0
ZAP Updates - 2025 Highlights and Plans for 2026 Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!

New blog post: www.zaproxy.org/blog/2026-02...
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai

02.02.2026 13:45 — 👍 4    🔁 3    💬 0    📌 0

We have made a good start on #AI integration in @zaproxy.org
We know some of you will be very anti-AI, so this will be optional and opt-in.
We have lots of plans, but feedback also appreciated - what integrations would you really like to see .. or not see?

02.02.2026 12:18 — 👍 1    🔁 1    💬 0    📌 0
OWASP PTK Integration with ZAP OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTK’s DAST, IAST, SAST, and SCA inside the same authenticated session you’re testi...

www.zaproxy.org/blog/2026-01...
#zaproxy #owasp #appsec

19.01.2026 14:15 — 👍 5    🔁 4    💬 0    📌 0
ZAP – Getting Further with ZAP Scripting The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

New “Getting Further with ZAP Scripting” pages: www.zaproxy.org/docs/getting...
Looking for something more? Let @psiinon.bsky.social know!

08.01.2026 17:30 — 👍 2    🔁 1    💬 0    📌 0
Björn Kimminich :verified: (@bkimminich@infosec.exchange) Dear aspiring Open Source contributors: If you spent X minutes to let your AI tool make some "enhancement", "refactoring", or "clean up", and it takes the project maintainer >X minutes to review and l...

Dear Open Source contributors: If your AI spent X mins on "enhancement" or "refactorings" but the project maintainer needs >X mins to fix guideline violations and broken code, you didn’t contribute—you drained time and motivation from Open Source maintainers.

infosec.exchange/@bkimminich/...

24.12.2025 01:50 — 👍 4    🔁 3    💬 1    📌 0
ZAP 2.17.0 ZAP 2.17.0 has just been released. The release includes core performance improvements and will significantly reduce the number of “duplicate” alerts reported.

ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec

15.12.2025 15:16 — 👍 5    🔁 2    💬 0    📌 0
React2Shell Detection with ZAP React2Shell is the latest big “named” vulnerability - here's how you can detect it with ZAP.

New blog post: #React2Shell Detection with ZAP
www.zaproxy.org/blog/2025-12...
#zaproxy #appsec

05.12.2025 15:09 — 👍 8    🔁 4    💬 0    📌 0

The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.

04.12.2025 12:26 — 👍 4    🔁 2    💬 0    📌 0
ZAP Updates - November 2025 2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!

ZAP Updates for November 2025:
www.zaproxy.org/blog/2025-12...
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec

03.12.2025 15:58 — 👍 2    🔁 1    💬 0    📌 0
Enhancing ZAP with AI for Bug Bounty Hunting Building an intelligent security testing system that leverages ZAP’s automation capabilities and machine learning to improve vulnerability detection

New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
www.zaproxy.org/blog/2025-11...

28.11.2025 13:53 — 👍 3    🔁 1    💬 0    📌 0
50 Million Errors in One Day?! ZAP logged a LOT of errors yesterday - here's why, and what we have already done to address the underlying problems

ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec

25.11.2025 16:43 — 👍 6    🔁 1    💬 0    📌 0
Release w2025-11-24 · zaproxy/zaproxy File Checksum (SHA-256) ZAP_WEEKLY_D-2025-11-24.zip 6a0bab4207bdd498c24fd0edc6eddfa0789cf80510a8290ba3481d573458ccf2

Today’s weekly is the 2.17 Release Candidate! github.com/zaproxy/zapr...
Feedback appreciated

24.11.2025 18:04 — 👍 2    🔁 2    💬 0    📌 0
Cloudflare Status Welcome to Cloudflare's home for real-time and historical data on system performance.

The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See www.cloudflarestatus.com for more information.

18.11.2025 14:35 — 👍 2    🔁 1    💬 0    📌 0
ZAP Updates - October 2025 Systemic alerts, check for updates bug, auth improvements, project pulse, etc See what the ZAP team has been up to.

ZAP Updates for October:
www.zaproxy.org/blog/2025-11...
#zaproxy #appsec

07.11.2025 09:29 — 👍 4    🔁 1    💬 0    📌 0

We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.

29.10.2025 14:50 — 👍 1    🔁 1    💬 0    📌 0
SHH! ZAP Was Not So Silent A new ZAP scan rule unintentionally caused a Check for Updates call even when “silent” mode was used.

Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see www.zaproxy.org/blog/2025-10...

21.10.2025 15:29 — 👍 3    🔁 2    💬 0    📌 0
ZAP Updates - September 2025 Configuring scan policies with alert tags, WAVSEP adoption, alert de-duplication and a new add-on publishing guide.

ZAP updates for September:
www.zaproxy.org/blog/2025-10...
#zaproxy #appsec

01.10.2025 12:55 — 👍 3    🔁 2    💬 0    📌 0
Alert De-Duplication How and why we will be reporting fewer “duplicate” alerts in ZAP.

New blog post: Alert De-Duplication
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

30.09.2025 13:17 — 👍 3    🔁 3    💬 0    📌 0
ZAP – Videos The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

🎥 Want to level up your ZAP game?
The @zaproxy.org team has an awesome library of how-tos, demos, and deep dives — all free.

From beginner basics to advanced scripting, it’s all here:
👉 zaproxy.org/videos/

#YouDontKnowZAP

29.09.2025 12:18 — 👍 3    🔁 2    💬 0    📌 0
ZAP is Adopting WAVSEP The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

www.zaproxy.org/blog/2025-09...

#zaproxy #appsec #wavsep

08.09.2025 15:13 — 👍 1    🔁 1    💬 0    📌 0
Configuring Scan Policies with Alert Tags A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual sc...

You can now configure ZAP Scan Policies using Alert Tags:
www.zaproxy.org/blog/2025-09...
#zaproxy #appsec

03.09.2025 14:15 — 👍 4    🔁 2    💬 0    📌 0
ZAP Updates - August 2025 Microsoft Online Login Support, forking wavsep and much, much more!

ZAP Updates - August 2025:
www.zaproxy.org/blog/2025-09...

Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec

02.09.2025 12:49 — 👍 2    🔁 1    💬 0    📌 0
ZAP Help — Translation Project on Crowdin Help us translate ZAP Help and bring it to the world!

All of the translated ZAP help files on the Marketplace have been updated. Thanks to the Crowdin translators for their hard work!
crowdin.com/project/zap-...

21.08.2025 14:09 — 👍 3    🔁 1    💬 0    📌 0
Slack

We have a new #evangelists channel on the ZAP Slack: www.zaproxy.org/slack/
For an invite go to www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !

15.08.2025 10:00 — 👍 2    🔁 2    💬 0    📌 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per www.zaproxy.org/download/#do...
#zaproxy #appsec

13.08.2025 09:42 — 👍 5    🔁 2    💬 0    📌 0
ZAP Updates - July 2025 Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.

ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
www.zaproxy.org/blog/2025-08...
#zaproxy #appsec

01.08.2025 16:43 — 👍 3    🔁 2    💬 0    📌 0

Yesterday there were more than 25K ZAP scans run using old versions of ZAP. These are no longer being maintained.
Update your ZAP installs now!
#zaproxy #appsec

30.07.2025 11:00 — 👍 8    🔁 3    💬 0    📌 0
ZAP – Download The world’s most widely used web app scanner. Free and open source. ZAP is a community project actively maintained by a dedicated international team, and a GitHub Top 1000 project.

We will be deleting all of the ZAP Docker images from the Software Security Project Docker Hub within the next 2 weeks. If you are still pulling images from there then please switch to one of the maintained options: www.zaproxy.org/download/#do...

28.07.2025 10:17 — 👍 5    🔁 2    💬 1    📌 0