I’m delighted to announce that ZAP is joining the new Software Security Project (SSP) as one of the founding projects. This does however mean we are leaving OWASP.

ZAP was first released on 6th September 2010

Burp Suite is a popular commercial web app pentesting tool. It provides a free (closed source) Community edition and a paid for Professional edition. Many people are unaware that ZAP provides most of...

How ZAP baseline and GitHib actions can help to automate the security testing

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

The help files for the ZAP core. Contribute to zaproxy/zap-core-help development by creating an account on GitHub.

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

ZAP 2.13.0 has just been released, and adds support for HTTP/2, improved authentication handling and Mac Silicon.

How to use ZAP FileUpload Add-on for finding Vulnerabilities in file upload functionality

Introducing the OAST add-on for ZAP

ZAP Docker images are now also published to the GitHub Container Registry.

ZAP has been awarded the 2021 Waspy Award for Outstanding Project, as selected by OWASP Members.

ZAP 2.12.0 has just been released, and as the main zaproxy/zaproxy repo has just reached 10k stars we’re calling this the Ten Thousand Star Release

Has ZAP helped you? Now it is your turn to help ZAP.

ZAP 2.14.0 has just been released, and adds support for Host Header Manipulation, ZAPit, API File Transfers, Graal JS Add-on Access, Postman collections, SBOMs, and more…

Welcome to ZAP!

ZAP 2.15.0 has just been released, and adds support for scripts as first class scan rules, restructured desktop menu items, and more…

The help files for the ZAP core. Contribute to zaproxy/zap-core-help development by creating an account on GitHub.

You can now install ZAP via winget - the Windows Package Manager

ZAP 2.11.0 (also known as the OWASP 20th anniversary release) is available now. Major changes include: Alert Tags Alerts can now be tagged with arbitrary keys or key=value pairs - this can be done...

How to detect Spring4Shell with the new Spring4Shell Alpha Active Scan Rule.

We're back on October 10, 2024! Join us for the largest virtual DevOps conference. 24 Hours | 5 tracks | Free Online

This document gives an overview of the automatic and manual components provided by OWASP Zed Attack Proxy (ZAP) that are recommended for testing each of the OWASP Top Ten Project 2021 risks.

We're back on October 10, 2024! Join us for the largest virtual DevOps conference. 24 Hours | 5 tracks | Free Online

Import Postman collections with the new Postman add-on for ZAP.

Now attack GraphQL endpoints with the new GraphQL add-on for ZAP

ZAPCon is the user conference dedicated to ZAP. The conference provides keynotes, sessions and community for ZAP users and those interested in AppSec.

We're back on October 10, 2024! Join us for the largest virtual DevOps conference. 24 Hours | 5 tracks | Free Online

First Ever ZAPCon - Call For Papers

How ZAP full scan and GitHub actions can help to automate the security testing

ZAP has introduced a new feature to record pre-task activities such as logging in etc. using Browser Recorder.

How to create a setup to receive SSRF calbacks on your machine

Automate checking ASVS controls using ZAP scripts

The ZAP Weekly and Live releases have an all new networking layer.

ZAPCon is the user conference dedicated to ZAP. The conference provides keynotes, sessions and community for ZAP users and those interested in AppSec.

How to scan and fuzz JWT's using OWASP ZAP

ZAP appears to be impacted by the Log4Shell vulnerability - CVE-2021-44228. We have released ZAP 2.11.1 which fixes the problem, this blog post gives more information and the impact on older versions...

Highlights from ZAP release 2.9.0

Why the Sites Tree is so important to ZAP and how you will have much more control over it in ZAP 2.10.0

Take a first look at the ZAP Automation Framework with Simon Bennetts, ZAP Founder and Project Lead. Join us in Discord to ask questions: https://discord.gg...

Run ZAP without Java using Docker and Webswing

June 2023 updates and ongoing feature development statuses.

ZAP can now automatically detect and configure itself to handle common authentication mechanisms.

An add-on aimed squarely at the pentesters.

ZAP is the most popular free and open source web scanner, but maybe it's more popular than most/all commercial scanners too?

We're planning a new ZAP Web based GUI and we'd love your feedback!You can post comments here or to the ZAP User Group: https://groups.google.com/g/zaproxy-u...

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

We have just started a new series of videos called ZAP Chat which focus on ZAP features, new and old.

aine-rb has one repository available. Follow their code on GitHub.

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

All of the things that have been happening related to ZAP in August 2022.

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

A walkthrough of using the new Log4Shell Alpha Active Scan rule with the ZAP Automation Framework.

The ZAP by Checkmarx Core project. Contribute to zaproxy/zaproxy development by creating an account on GitHub.

ZAP Documentation ++ Initiative PUBLIC - anyone can comment The OWASP ZAP documentation, like that of many open source projects, could be much better. We have recently had some volunteers offering to...

The ZAP Desktop now supports a Dark Mode in the Weekly Release