The Zed Attack Proxy (ZAP) has grown from a personal project into one of the most widely used open-source security testing tools in the world. In this episode of AppSec.FM, Jerry Hoff talks with Simon Bennetts, founder and lead of ZAP, about its evolution, role in CI/CD automation, and the importance of community contributions. The conversation also explores the integration of AI, the unique position of ZAP in the security ecosystem, and where the project is headed next.

Highlights:

• The journey of ZAP from concept to millions of downloads.

• How ZAP is used by developers, security teams, and pen testers.

• Why automation in CI/CD pipelines is key for AppSec.

• The role of AI in modern security testing.

• How ZAP differs from other tools like Burp.

• Community involvement and the future of open-source AppSec.

• Handling modern protocols such as WebSockets.

• Future directions for ZAP and security testing with AI.

Guest links:

https://www.linkedin.com/in/psiinon/

https://www.zaproxy.org

—

AppSec.FM is the podcast for application security professionals, hosted by Jerry Hoff. Subscribe on Apple Podcasts, Spotify, or at appsec.fm.