Author: Akshath

Sorted by latest post date.

Configuring Scan Policies with Alert Tags

A new feature in ZAP’s automation framework allows you to configure scan policies using alert tags, making it easier to target specific types of vulnerabilities without manually managing individual scan rules.

ZAP Updates - January 2025

Starting 2025 with a full release, a new way to crawl modern web apps, and better authentication capabilities.

ZAP Updates - October 2024

ZAP Updates are back after a small break. Read about the updates from October, including an upgrade to Java 17, scanning of sequenced requests, a potential LLM integration, and more.

ZAP Updates - October 2023

A new ZAP version, a CLI feature to do quick reconnaissance, and more!

ZAP Updates - June 2023

June 2023 updates and ongoing feature development statuses.

ZAP Updates - May 2023

May 2023 updates and ongoing feature development statuses.

ZAP Updates - March 2023

March 2023 updates and ongoing feature development statuses.

Hacking ZAP - ZAP Extender Scripts

An overview of ZAP Extender scripts with examples. Use ZAP as a web server, subscribe to internal ZAP events, and more!

Log4Shell Detection with ZAP

A walkthrough of using the new Log4Shell Alpha Active Scan rule with the ZAP Automation Framework.

Introducing the GraphQL Add-on for ZAP

GraphQL schemas can be very large, and testing them can be a very time-consuming process. Currently, there is a lack of tools that allow developers to launch and automate attacks on these endpoints. The GraphQL add-on for ZAP intends to fill this gap.

The add-on is still in an early stage, so the range of its functionality is limited. However, you can combine it with existing ZAP functionality to abuse GraphQL endpoints in many different ways.