The OWASP ZAP tool is a significant asset to Clue, as it is utilized on a daily basis by our security engineers. For the efficient design of a resilient WAF security policy, it is vital to reverse engineer the data flow of an application. OWASP ZAP offers an easy way to make the data flow transparent, to visualize the attack surface, and to develop tailor-made policies to minimize it. ZAP is also regularly used in application security consulting. Whether it is to develop and demonstrate a proof of concept for a found code vulnerability, to test an implemented application security function or just to have a function report which is used for threat modeling of an existing function. It is a pleasure to work with ZAP, which we use as a multi-tool for a variety of tasks related to application security.