New Blog Post: Detecting Circular Type References in GraphQL Schemas
https://www.zaproxy.org/blog/2026-02-06-detecting-graphql-cycles/
#zaproxy #appsec #graphql

New blog post: https://www.zaproxy.org/blog/2026-02-02-zap-updates-2025-highlights-2026-plans/
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai

https://www.zaproxy.org/blog/2026-01-19-owasp-ptk-add-on/
#zaproxy #owasp #appsec

ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
https://www.zaproxy.org/blog/2025-12-15-zap-2-17-0/
#zaproxy #appsec

New blog post: #React2Shell Detection with ZAP
https://www.zaproxy.org/blog/2025-12-05-react2shell-detection-with-zap/
#zaproxy #appsec

ZAP Updates for November 2025:
https://www.zaproxy.org/blog/2025-12-03-zap-updates-november-2025/
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec

New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
https://www.zaproxy.org/blog/2025-11-28-enhancing-zap-with-ai-for-bug-bounty-hunting/
#zaproxy #appsec #bugbounty

ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
https://www.zaproxy.org/blog/2025-11-25-50-million-errors-in-one-day/
#zaproxy #appsec

ZAP Updates for October:
https://www.zaproxy.org/blog/2025-11-06-zap-updates-october-2025/
#zaproxy #appsec

Ok Cyberz community bring on your #WednesdayWin stories!

For me:
- I've recently past my 1yr mark at Checkmarx 🎉
- I've finished some #zaproxy rule and add-on work.
- I'm starting some #zaproxy core work 😁

ZAP updates for September:
https://www.zaproxy.org/blog/2025-10-01-zap-updates-september-2025/
#zaproxy #appsec

New blog post: Alert De-Duplification
https://www.zaproxy.org/blog/2025-09-30-alert-de-duplication/
#zaproxy #appsec

Anyone have experience using the ZAP docker images to scan sites? I have a context file I’m feeding the full scan image but it appears to only scan the top level and not recurse. I can see it authenticating and running the checks, but it finds only 12 URLs whereas other scanners find 212. #dast #zaproxy

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

https://www.zaproxy.org/blog/2025-09-08-zap-is-adopting-wavsep/

#zaproxy #appsec #wavsep

You can now configure ZAP Scan Policies using Alert Tags:
https://www.zaproxy.org/blog/2025-09-03-configuring-scan-policies-with-alert-tags/
#zaproxy #appsec

ZAP Updates - August 2025:
https://www.zaproxy.org/blog/2025-09-02-zap-updates-august-2025/

Microsoft Online Login Support, forking wavsep and much, much more!
#zaproxy #appsec

We have a new #evangelists channel on the ZAP Slack: https://www.zaproxy.org/slack/
For an invite go to https://www.zaproxy.org/slack/invite
Join up and help spread the word about #zaproxy !

Time for #WedneadayWins again. This week my #OpenSource journey includes more #zaproxy scan rule work, documentation contributions, a bit of GitHub actions stuff for myself personal repos. Dabbling in a bunch of different things.

Bring on your stories everyone!

All of the ZAP Docker images in the Software Security Project Docker Hub org have now been deleted.
If you were pulling from this org then please switch to the zaproxy org or use GHCR as per https://www.zaproxy.org/download/#docker
#zaproxy #appsec

ZAP Updates - July 2025
Authentication improvements, Edge support, timing rule changes, Docker news, and a new scan rule.
https://www.zaproxy.org/blog/2025-08-01-zap-updates-july-2025/
#zaproxy #appsec