Podcast: ZAP, Automation, and the Future of Open Source Security Testing

[Simon Bennetts]

I've just taken part in this podcast with Jerry Hoff.

https://appsec.fm/episode/ep7-zap-open-source-security-testing

The Zed Attack Proxy (ZAP) has grown from a personal project into one of the most widely used open-source security testing tools in the world. In this episode of AppSec.FM, Jerry Hoff talks with Simon Bennetts, founder and lead of ZAP, about its evolution, role in CI/CD automation, and the importance of community contributions. The conversation also explores the integration of AI, the unique position of ZAP in the security ecosystem, and where the project is headed next.

Highlights:

• The journey of ZAP from concept to millions of downloads.

• How ZAP is used by developers, security teams, and pen testers.

• Why automation in CI/CD pipelines is key for AppSec.

• The role of AI in modern security testing.

• How ZAP differs from other tools like Burp.

• Community involvement and the future of open-source AppSec.

• Handling modern protocols such as WebSockets.

• Future directions for ZAP and security testing with AI.

Let me know what you think, especially if you think I've got anything wrong!

Simon

[ar]

Hello Simon!

everything You said is correct.....

p.s. ....In modern society, earning money is necessary to ensure livelihood.....

best regards ar

пн, 6 окт. 2025 г. в 11:11, Simon Bennetts <psi...@gmail.com>:

--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zaproxy-users/0f12e08e-f35f-4d45-bc6c-e821a229cd38n%40googlegroups.com.