Tag: Sast

OWASP PTK Findings as ZAP Alerts (Juice Shop Walkthrough)

OWASP PTK 9.8.0 and the ZAP OWASP PTK add-on 0.3.0 now let ZAP display OWASP PTK findings directly as ZAP Alerts. This post shows how to install the add-on, choose which PTK rules to run (SAST / IAST / DAST), optionally auto-start scans on browser launch, and then scan OWASP Juice Shop with all results visible in ZAP.

Guided ZAP Scans: Faster CI/CD Feedback Using Static Analysis

This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines, built on top of ZAP’s Automation Framework.

OWASP PTK Integration with ZAP

OWASP PTK is now pre-installed in the browsers launched by ZAP (Chrome, Edge and Firefox). This post shows how to run PTK’s DAST, IAST, SAST, and SCA inside the same authenticated session you’re testing, plus practical JWT and cookie workflows—while ZAP remains your traffic and context hub.