/tags/api/ Recent content in Api on ZAP Hugo en-us Thu, 21 May 2026 00:00:00 +0000 /blog/2026-05-21-scanning-mcp-servers-with-zap/ Thu, 21 May 2026 00:00:00 +0000 /blog/2026-05-21-scanning-mcp-servers-with-zap/ ZAP can now scan MCP (Model Context Protocol) servers as a first-class target. Import an MCP server from the ZAP desktop or the Automation Framework, or run the new action-mcp-scan GitHub Action to scan one from CI. /blog/2026-04-02-zap-mcp-server/ Thu, 02 Apr 2026 00:00:00 +0000 /blog/2026-04-02-zap-mcp-server/ Connect AI assistants like Claude and ChatGPT to ZAP via the Model Context Protocol. Start scans, read alerts, and explore your application—all through natural conversation. /blog/2017-06-19-scanning-apis-with-zap/ Mon, 19 Jun 2017 00:00:00 +0000 /blog/2017-06-19-scanning-apis-with-zap/ <p>The previous ZAP blog post explained how you could <a href="/blog/2017-04-03-exploring-apis-with-zap/">Explore APIs with ZAP</a>.<br> This blog post goes one step further, and explains how you can both explore and perform security scanning of APIs using ZAP from the command line.<br> This allows you to easily automate the scanning of your APIs.</p> /blog/2017-04-03-exploring-apis-with-zap/ Mon, 03 Apr 2017 00:00:00 +0000 /blog/2017-04-03-exploring-apis-with-zap/ <p>APIs can be challenging for security testing for a variety of reasons.<br> The first problem you will encounter is how to effectively explore an API - most APIs cannot be explored using browsing or standard spidering techniques.<br> However many APIs are described using technologies such as:</p> <ul> <li><a href="https://en.wikipedia.org/wiki/SOAP">SOAP</a></li> <li><a href="https://www.openapis.org/">OpenAPI / Swagger</a></li> </ul> <p>These standards define the API endpoints and can be imported into ZAP using 2 optional add-ons.</p>