There is now a new blog just for ZAP:
- ZAP blog And the first post on it is a copy of this blog post on the Mozilla Security blog:
- OWASP ZAP– the Firefox of web security tools
Here are the Penetration Testing For Developer blog posts that I have made regarding ZAP (latest first):
- OWASP AppSec EU 2011 review in which I mention my ZAP talk
- OWASP Zed Attack Proxy
- Exploring a web application with ZAP
- Introducing the Zed Attack Proxy
- Welcome to my Penetration Testing for Developers blog
And here are posts that other people have made about ZAP:
- Bypassing File Upload Filters with OWASP ZAP Request Editing - Peerlyst post
- http://www.scmagazine.com/push-comes-to-shove/article/276456/ SC Magazine: Push comes to shove
- http://www.csoonline.com/slideshow/detail/80286/Twenty-free-and-effective-infosec-tools The top 20 best free security tools, which includes ZAP :D
- http://resources.infosecinstitute.com/owasp-zap/ Great introduction to ZAP from the
InfoSecInstitute - http://www.chmag.in/article/oct2012/owasp-zed-attack-proxy-zap
ClubHACKMagazine article on ZAP - http://www.html.it/articoli/vulnerability-assessment-di-una-web-application-con-zap/ Vulnerability assessment di una Web Application con ZAP (Italian) English translation via Google translate
- http://www.sempf.net/post/Pentesting-Windows-8-Metro-Apps-with-Zed-Attack-Proxy.aspx Doing security analysis on Windows 8 Metro Apps with Zed Attack Proxy
- http://newsroom.cybercom.com/owasp-zap/ Short article about using ZAP early in the development process
- http://holisticinfosec.blogspot.com/2011/11/toolsmith-owasp-zap-zed-attack-proxy.html Great Toolsmith article about ZAP
- http://www.storyiq.com/2011/test-software-engineer/security-testing-selenium-zap/ Security testing with Selenium and ZAP
- http://blog.taddong.com/2012/02/building-owasp-zap-using-eclipse-ide.html Building OWASP ZAP using Eclipse (v2.0) - this is now the official guide to building ZAP!
- http://blog.taddong.com/2011/08/building-owasp-zap-using-eclipse-ide.html Building OWASP ZAP using Eclipse (v1.0) - this was the official guide to building ZAP in 2011!
- http://static.raibledesigns.com/repository/presentations/Java_Web_Application_Security_Jazoon2011.pdf A java security presentation by Matt Raible
- http://raibledesigns.com/rd/entry/java_web_application_security_part4 Matt Raible's experience pentesting with ZAP
- http://www.heise.de/developer/artikel/developer_artikel_1262208.html Germal
AppSecEU review including ZAP - http://securityconscious.blogspot.com/2011/06/owasp-appsec-eu-slides-pictures-and.html OWASP
AppSecEU, slides, pictures and experience also including my ZAP talk - http://logiclab.dk/wordpress/2011/06/11/appseceu-2011-dublin-day-2/ Another OWASP
AppSecEU 2011 review mentioning my ZAP talk - http://secureappdev.blogspot.com/2011/06/owasp-appsec-eu-2011.html A review of OWASP
AppSecEU 2011 including my ZAP talk - http://www.youtube.com/watch?v=74LhgKsV7aY A video showing how to run ZAP from
BackBoxLinux - http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/#xss Examples of using a variety of tools to find the OWASP top ten including using ZAP to find an XSS
- http://www.youtube.com/watch?v=bdMcnOiBloM A Gourse rendition of the ZAP svn repository - thanks Fitblip!
- http://www.youtube.com/watch?v=44fCfucYQVI A video showing some of ZAP's features
- http://www.hackernews.com/2011/01/17/hnncast-2011-01-14/ Another mention on the Hacker News Network
- http://www.hackernews.com/tag/zed-attack-proxy/ Quick mention of the OSX version of ZAP on the Hacker News Network
- http://www.securitybydefault.com/2010/12/nueva-version-de-owasp-zed-attack-proxy.html Security By Default article in Spanish
- http://holisticinfosec.org/toolsmith/pdf/december2010.pdf Toolsmith article about SamuraiWTF including coverage of ZAP
- http://www.iniqua.com/2010/10/06/zap-zed-attack-proxy-parosproxy-vitaminado/ ZAP - Paros Proxy enhanced (Spanish blog post)
- http://www.pentestit.com/tag/owasp-zed-attack-proxy/ PenTestIT blog
- http://security-sh3ll.blogspot.com/2010/09/zap-zed-attack-proxy-v10.html Security-Shell page
Let me know if you find any others and I'll add them here.