Tool Chain: Zed Attack Proxy (ZAP)
On the road to continuous refinement of the Continuous Deployment (CD) pipeline, I always find that teams often forget about security testing, in a similar way to performance testing. Teams seems to focus in code, then aContinuous Integration (CI) process at the outset. Only later when they begin to have conversation about the first prod release do they become aware of the need for CD. At the point of CD, they are still not thinking real CD, and thus have overlooked the needs of security (and performance), and are still fixated on the code – not the cleanliness of code.
I’m therefore curious how many readers are using OWASP Zed Attack Proxy, or similar in their tool chain.