/tags/sast/ Recent content in Sast on ZAP Hugo en-us Wed, 01 Apr 2026 00:00:00 +0000 /blog/2026-04-01-owasp-ptk-findings-to-zap-alerts/ Wed, 01 Apr 2026 00:00:00 +0000 /blog/2026-04-01-owasp-ptk-findings-to-zap-alerts/ OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST / DAST), optionally auto-start scans on browser launch, and then scan OWASP Juice Shop with all results visible in ZAP. /blog/2026-03-27-guided-zap-scans-faster-cicd-feedback-using-sast/ Fri, 27 Mar 2026 00:00:00 +0000 /blog/2026-03-27-guided-zap-scans-faster-cicd-feedback-using-sast/ This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework. /blog/2026-01-19-owasp-ptk-add-on/ Mon, 19 Jan 2026 00:00:00 +0000 /blog/2026-01-19-owasp-ptk-add-on/ OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTK’s DAST, IAST, SAST, and SCA inside the same authenticated session you’re testing, plus practical JWT and cookie workflows—while ZAP remains your traffic and context hub.