DevelopersDevOpsNewsOpen SourceSecurity

OWASP Zed Attack Proxy (ZAP) 2.12.0 Delivers More Comprehensive Scanning


Simon Bennetts, Founder and Chief Maintainer of OWASP Zed Attack Proxy (ZAP), have announced on behalf of the community that version 2.12.0 is now available for download under the Apache 2 license. A dynamic application security testing (DAST) tool, ZAP helps users find security vulnerabilities in their code. The latest version delivers a new and improved networking stack, greater flexibility to accommodate future updates, a multi-threaded passive scanner for faster scanning, and a slate of dependency updates.

New updates include:

  • A new networking stack allows ZAP to support new protocols like HTTP/2.
    The spider has been moved to an add-on, allowing the community to update ZAP at any time. As a bonus, the spider also can find many more URLs compared to the previous version.
  • A multi threaded passive scanner significantly speeds up the time required to complete scans.
  • A large number of active and passive scan rules have been promoted. telemetry removal—all “calls home” now only use the domain.
  • The stable release also includes dependency updates (including log4j). While not exploitable in 2.11.1, they did still trigger vulnerability scanners.

Bennetts recently joined the team at, the company codifying product security for developers. At Jit, Bennetts will continue to focus on the development of ZAP. ZAP is one of the underlying scanning technologies for the Jit DevSecOps platform, which enables developers to implement MVS—“Minimum Viable Security”—from Day Zero of product development and more easily achieve continuous security.

Don't miss out great stories, subscribe to our newsletter.

Wipro To Launch A Dedicated VMware Business Unit To Accelerate Digital Transformation

Previous article

Organizations Admit More Could Be Done To Improve DevSecOps Practices: Survey

Next article
Login/Sign up