New Blog Post: Detecting Circular Type References in GraphQL Schemas
https://www.zaproxy.org/blog/2026-02-06-detecting-graphql-cycles/
#zaproxy #appsec #graphql

New blog post: https://www.zaproxy.org/blog/2026-02-02-zap-updates-2025-highlights-2026-plans/
Highlights of 2025 and our initial plans for 2026, including more 3rd Party tool integrations, enhanced exploring and, yes, AI integration!
#zaproxy #appsec #ai

https://www.zaproxy.org/blog/2026-01-19-owasp-ptk-add-on/
#zaproxy #owasp #appsec

New “Getting Further with ZAP Scripting” pages: https://www.zaproxy.org/docs/getting-further/scripting/
Looking for something more? Let @psiinon know!

ZAP 2.17.0 is now available!
It includes performance improvements, a significant reduction in “duplicate” alerts reported, and new Insights which give you key information about scans.
https://www.zaproxy.org/blog/2025-12-15-zap-2-17-0/
#zaproxy #appsec

New blog post: #React2Shell Detection with ZAP
https://www.zaproxy.org/blog/2025-12-05-react2shell-detection-with-zap/
#zaproxy #appsec

The latest version of the retirejs add-on includes a test for CVE-2025-66478 which is marked as "critical" so update now to detect this vulnerability.

ZAP Updates for November 2025:
https://www.zaproxy.org/blog/2025-12-03-zap-updates-november-2025/
2.17.0 is coming soon, along with Insights and fixes for some issues that caused ZAP to log 50 million errors in one day!
#zaproxy #appsec

New ZAP blog post - read how Telmon Maluleka is enhancing ZAP with AI for Bug Bounty Hunting
https://www.zaproxy.org/blog/2025-11-28-enhancing-zap-with-ai-for-bug-bounty-hunting/
#zaproxy #appsec #bugbounty

ZAP logged 50 MILLION errors yesterday 😮 Read the blog for more details!
https://www.zaproxy.org/blog/2025-11-25-50-million-errors-in-one-day/
#zaproxy #appsec

Today’s weekly is the 2.17 Release Candidate! https://github.com/zaproxy/zaproxy/releases/tag/w2025-11-24
Feedback appreciated

The ZAP services may well be unavailable due to the ongoing Cloudflare problems.
See https://www.cloudflarestatus.com/ for more information.

ZAP Updates for October:
https://www.zaproxy.org/blog/2025-11-06-zap-updates-october-2025/
#zaproxy #appsec

We have just published a new ZAP weekly release, to fix a bug which could cause invalid JSON reports to be generated. If you are using the most recent weekly we recommend you update ASAP.

Sorry, we messed up!
A new scan rule triggered the ZAP Check for Updates call even if you used the "silent" mode.
For more details see https://www.zaproxy.org/blog/2025-10-21-zap-was-not-so-silent/

ZAP Blog: How to solve the Caido Labs using ZAP
https://www.zaproxy.org/blog/2025-10-15-solving-caido-labs/
c/o 5ubterranean_

ZAP updates for September:
https://www.zaproxy.org/blog/2025-10-01-zap-updates-september-2025/
#zaproxy #appsec

New blog post: Alert De-Duplification
https://www.zaproxy.org/blog/2025-09-30-alert-de-duplication/
#zaproxy #appsec

The ZAP team has forked and will maintain WAVSEP going forwards. This blog post explains why.

https://www.zaproxy.org/blog/2025-09-08-zap-is-adopting-wavsep/

#zaproxy #appsec #wavsep

You can now configure ZAP Scan Policies using Alert Tags:
https://www.zaproxy.org/blog/2025-09-03-configuring-scan-policies-with-alert-tags/
#zaproxy #appsec