Guest on ZAP

Use ZAP with KRO in Kubernetes

Mon, 13 Apr 2026 00:00:00 +0000

Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.

Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis

Fri, 27 Mar 2026 00:00:00 +0000

This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework.

Introducing DeepViolet

Thu, 19 Mar 2026 00:00:00 +0000

Introducing DeepViolet: The Engine Behind ZAP’s New TLS Analysis

OWASP PTK Integration with ZAP

Mon, 19 Jan 2026 00:00:00 +0000

OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTK’s DAST, IAST, SAST, and SCA inside the same authenticated session you’re testing, plus practical JWT and cookie workflows—while ZAP remains your traffic and context hub.

Enhancing ZAP with AI for Bug Bounty Hunting

Fri, 28 Nov 2025 00:00:00 +0000

Building an intelligent security testing system that leverages ZAP’s automation capabilities and machine learning to improve vulnerability detection

Solving Caido Labs

Wed, 15 Oct 2025 00:00:00 +0000

In this blog we show how to solve Caido labs using ZAP.

PortSwigger Labs: Broken Brute-Force Protection, IP Block

Wed, 09 Apr 2025 00:00:00 +0000

Walkthrough for the PortSwigger lab, “Broken brute-force protection, IP block”.

Solving Portswigger Lab File Path Traversal Simple Case with ZAP

Thu, 27 Feb 2025 00:00:00 +0000

Video and explanation of How to Solve the Portswigger labs using ZAP, in this case: ‘Path Traversal Simple Case’

Use ZAP with Flagger in Kubernetes

Tue, 24 Dec 2024 00:00:00 +0000

Learn how to integrate ZAP with Flagger in a Kubernetes cluster to scan the security of each new deployment.

Powering Up DAST with ZAP and Noir

Mon, 11 Nov 2024 00:00:00 +0000

Integrating Noir, a tool for discovering hidden endpoints in source code, with ZAP enhances dynamic application security testing (DAST).

Automated ZAP Scans for Orchard Core Apps

Fri, 08 Dec 2023 00:00:00 +0000

If you have an app running on the ASP.NET Core web framework and CMS Orchard Core, you can now easily run ZAP scans for it.

Map Local Add-on

Tue, 31 Oct 2023 00:00:00 +0000

Allows mapping of responses to content of chosen local file.

Running ZAP on a raspberry pi

Thu, 25 Aug 2022 00:00:00 +0000

Setting up ZAP on the raspberry pi.

PortSwigger Labs: Username Enumeration with ZAP Scripts

Thu, 14 Apr 2022 00:00:00 +0000

How to solve the PortSwigger Lab: Username enumeration via account lock using ZAP scripts.

PortSwigger Labs: 2FA Broken Logic

Wed, 06 Apr 2022 00:00:00 +0000

How to solve the PortSwigger Lab: 2FA Broken Logic using ZAP.

The Eval Villain Add-on

Wed, 01 Dec 2021 00:00:00 +0000

Eval Villain was recently added to the ZAP Marketplace. This add-on installs the Eval Villain web extension in Firefox and allows the inspection of arguments to arbitrary native JavaScript functions.

Automate checking ASVS controls using ZAP scripts

Wed, 10 Feb 2021 00:00:00 +0000

Write scripts in ZAP which will check a target application’s compliance against ASVS controls.

ZAP JWT Support Add-on

Thu, 03 Sep 2020 00:00:00 +0000

With the popularity of JSON Web Tokens (JWTs) there comes the need to secure their use so that they are not misused because of bad configuration, older libraries, or buggy implementations. So the JWT Support add-on is used to find such vulnerabilities and this blog explains on how to use it.