What gets measured, gets managed.

We've just changed the @zaproxy core to handle diskspace / filestore issues more cleanly. If you see any significant change in behaviour in the ZAP nightlies or weeklies then let me know!

A big shoutout to @psiinon and the @zaproxy team for the collaboration on adding new ascan suspicious transformation checks based on our research! We (@4ng3lhacker and I) will be discussing them in our @owasp session this Friday, Nov 7th at 1:15pm.

I've always said that developers who use @zaproxy will be more in demand, but great to get confirmation of that , via LinkedIn

negative thinking destroys your brain being a silly goose and delusionally optimistic is the ultimate longevity hack

And if you think you've got the technical chops, consider contributing to @zaproxy. Just in time for @hacktoberfest.

ZAP Alert tags are no longer just metadata. You can now use them to configure your scan policies. https://t.co/x4PVWJVwfJ

A programmer should be able to parse a language, review a patch, optimize a database query, make a website, secure a server, debug without sources, write an exploit, grep a log file, build a kernel, write a manual, run efficiently, crash gallantly. Specialization is for insects.

"I use AI in a separate window. I don't enjoy Cursor or Windsurf, I can literally feel competence draining out of my fingers." @dhh, the legendary programmer and creator of Ruby on Rails has the most beautiful and philosophical idea about what AI takes away from programmers.

ZAP updates for June: A new Intro video, lots of authentication work, and more news on the ZAP browser extensions. https://t.co/CdSe6DNSjb #zaproxy #appsec

You can expose your ZAP callback server with Tailscale using `tailscale funnel` to use in out-of-band attack payloads.

wrote a new essay on how software became a lifestyle brand. it's about tools, taste, and why your dock probably says more than your instagram https://t.co/SnJ8QYmwsO cheers

I vibe-coded a slot machine that generates project ideas https://t.co/lCPAk2ubwl

Really happy with how the tabbed output feature for scripts turned out - excited for users to try it. Still plenty of work to do, but this is another step towards making ZAP a true "Integrated Hacking Environment", as @psiinon calls it.

Being a hacker has little to with your job. It's in your blood, your soul— it's a way of thinking. It's curiosity, creativity, and challenging norms. It's a relentless pursuit of knowledge, it's embracing the unconventional. Whatever you do today, bring the hacker mindset.

What public sites that you can self register for have particularly challenging or unusual authentication pages? We've updating @zaproxy to handle more auth pages automatically (with valid credentials of course). So please send me tricky examples we can test against!

mitmproxy 11.1 is out! 🥳 We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings. Details at https://t.co/0i7mQoDyKV. Super proud of this team effort. 😃

The @zaproxy release process has been started for 2.16.0😀

I wonder if a "smart" version of a door frame metal detector would be any useful, e.g. one that emits stats that would allow exposing a dashboard with metrics such as the number of people that passed through the frame.

Who else is filled with intense optimism for 2025?