Check it out 🚀 #AppSec #DevSecOps #WebAppSec #polyfill

Great team-up for use in recon. #RedTeam #recon #BugBountyTip #AppSec

Huge news for the Zed Attack Proxy team. Congrats!!!

Bypass URL validation with this new payload from Mateo Hanžek that's 'invalid' to Safari, and valid in Chrome and Firefox! We've just added it to our URL Validation Cheat sheet. portswigger.net/web-security/s…

Great community work here. #DAST #OpenSource #OWASP #DevSecOps #DevOps #AppSec #WebAppSec

I've forgot if I tweeted this or not but well I got asked about SVG XSS...

Content Type Research is a Github repository by @black2fan dedicated to documenting interesting content type processing that can lead to CSRF & XSS vulnerabilities in browsers and popular technologies! 🤑 It's worth checking out! 👇 buff.ly/3DcbbCa

Has anyone with API testing skills got a bit of free time this morning to have a quick look at the new DVWA API module for me before I release it: github.com/digininja/DVWA… Rather than impossible, I've implemented OAuth2 in one area and the challenge is to automate using it.

What public sites that you can self register for have particularly challenging or unusual authentication pages? We've updating Zed Attack Proxy to handle more auth pages automatically (with valid credentials of course). So please send me tricky examples we can test against!

Check it out, it's now even easier to get in-touch with the #zaproxy team. #AppSec #WebAppSec #BugBountyTips #RedTeam #PenTest #VulnerabilityAssessment #DAST

ZAP just won an award! Thanks @DefectDojo! zaproxy.org/blog/2025-04-2… #zaproxy #appsec #award

A good write-up on IDOR cases. #AppSec #BugBountyTips #IDOR x.com/s0md3v/status/…

This seems extra geeky to me, and I really like the creativity. Low TTL domain records and ToC/ToU abuse. #WebAppSec #BugBountyTips hackerone.com/reports/541169

Help the Zed Attack Proxy team!!!

Pro tip - if an article/post mentions "OWASP ZAP" then you know its out of date or badly researched. Zed Attack Proxy has not been an OWASP® Foundation project for nearly 2 years!

As promised, here is the first set of documentation for all of the authentication improvements the team has been working on zaproxy.org/blog/2025-07-0… #zaproxy #appsec

ZAP now has full support for Microsoft Edge 😀 zaproxy.org/blog/2025-07-1… #zaproxy #appsec

Great news/update from the Zed Attack Proxy team!

Public Service Announcement from the Zed Attack Proxy team: