Episode 7

ZAP, Automation, and the Future of Open Source Security Testing

The Zed Attack Proxy (ZAP) has grown from a personal project into one of the most widely used open-source security testing tools in the world. In this episode of AppSec.FM, Jerry Hoff talks with Simon Bennetts, founder and project lead of ZAP, about its evolution, its role in CI/CD automation, and the importance of community contributions. The conversation also covers the integration of AI into security testing, ZAP's distinct position in the security tooling ecosystem, and where the project is headed next.

Highlights:

• The journey of ZAP from concept to millions of downloads.

• How ZAP is used by developers, security teams, and pen testers.

• Why automation in CI/CD pipelines is key for AppSec.

• The role of AI in modern security testing.

• How ZAP differs from other tools such as Burp Suite.

• Community involvement and the future of open-source AppSec.

• Handling modern protocols such as WebSockets.

• Future directions for ZAP and security testing with AI.


Guest links:

https://www.linkedin.com/in/psiinon/

https://www.zaproxy.org

AppSec.FM is the podcast for application security professionals, hosted by Jerry Hoff. Subscribe on Apple Podcasts, Spotify, or at appsec.fm.

About the Podcast

AppSec

About your host

Jerry Hoff

For the past two decades, I’ve been on the front lines of application security, leading teams, teaching thousands of developers, and helping shape how organizations around the world defend their software. Along the way I’ve held leadership roles at Aspect Security, WhiteHat Security, Sony Electronics, and NTT, always with the same goal: making technology safer.

Today I run AppSec Training, a boutique company dedicated to transforming security education into something practical, engaging, and impactful.

And now, through AppSec.FM, I get to do what I love most: connect with the brightest minds in cybersecurity, uncover their stories, and explore how we can secure software in an era defined by AI, rapid innovation, and relentless new threats.