In May ZAP learned to scan MCP servers as a first-class target, OWASP PTK automation reached Phase 1, and the Params extension moved out of the core into its own add-on.
www.zaproxy.org/blog/2026-06...
#zaproxy #appsec
ZAP can now scan MCP Servers, in the Desktop, Automation Framework and in a new GitHub Action.
Read all about it on the blog:
www.zaproxy.org/blog/2026-05...
#zaproxy #appsec #mcp
Blog: Vibe coding security fixes.
www.zaproxy.org/blog/2026-04...
Learn how ZAP can help you make your vibe coded projects more secure.
#zaproxy #vibecoding #appsec
ZAP now has a dedicated PTK active scan rule, so you can run the PTK rules in the ZAP active scanner.
Check out the dramatic improvement in the scores vs Google Firing Range!
www.zaproxy.org/blog/2026-06...
#zaproxy #owaspptk #appsec
Guest Blog: www.zaproxy.org/blog/2026-04...
Learn how to integrate ZAP with KRO in a Kubernetes cluster to scan the security of each new deployment.
℅ Trevor Mountney
#zaproxy #kubernetes #appsec
Blog: Automating OWASP PTK with ZAP (Phase 1)
You can now automate OWASP pentestkit using ZAP
www.zaproxy.org/blog/2026-05...
#zaproxy #owasp-ptk #appsec
This is huge!
www.zaproxy.org/blog/2026-04...
OWASP PTK massively increases ZAP’s browser side testing capabilities .. and automation is up next!
Many thanks to Denis Podgurskii for this great integration.
#zaproxy #owasp #appsec
Introducing the ZAP MCP Server www.zaproxy.org/blog/2026-04...
#zaproxy #mcp #ai #appsec
Blog: ZAP Updates for March:
www.zaproxy.org/blog/2026-04...
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
#zaproxy #appsec
New ZAP Blog Post: www.zaproxy.org/blog/2026-03...
This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines.
Thanks to the Seqra Team!
#zaproxy #appsec
In May ZAP learned to scan MCP servers as a first-class target, OWASP PTK automation reached Phase 1, and the Params extension moved out of the core into its own add-on.
www.zaproxy.org
ZAP now has a dedicated PTK active scan rule, so you can run the PTK rules in the ZAP active scanner. And there are still more changes planned, but the results against Firing Range have been dramatic!
ZAP can now scan MCP (Model Context Protocol) servers as a first-class target. Import an MCP server from the ZAP desktop or the Automation Framework, or run the new action-mcp-scan GitHub Action to sc...
ZAP was started nearly 9.5 million times in March, published integrations with 3 other open source projects, and released the first of many AI related features.
Connect AI assistants like Claude and ChatGPT to ZAP via the Model Context Protocol. Start scans, read alerts, and explore your application—all through natural conversation.
ZAP’s Automation Framework can now drive OWASP PTK scans using the Client Spider. This is an early release - we want you to try it and give us feedback while we work toward deeper integration with ZAP...
www.zaproxy.org
OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST ...
ZAP now has a “Generate Fix Prompt” option that copies everything an LLM needs to fix a vulnerability straight to your clipboard. Also: ZAP was run 9.5 million times in March. Vibe coding, anyone?
This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, buil...
