Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the tool to add more features while remaining true to its open source history. Simon Bennetts, founder of ZAP, and Ori Bendet from Checkmarx update us on that journey, share some exploration of LLM fuzzing that ZAP has been working on, and what the future looks like for this well-loved project.

Segment Resources:

• https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/
• https://www.zaproxy.org/blog/2024-09-30-improving-fuzzing-payloads-for-llms-with-fuzzai/
• https://checkmarx.com/press-releases/checkmarx-joins-forces-with-zap-to-supercharge-dynamic-application-security-testing-dast-for-the-enterprise-and-enhance-community-growth/
• KICS: https://github.com/Checkmarx/kics
• 2MS: https://github.com/Checkmarx/2ms

Show Notes: https://securityweekly.com/asw-302