Welcome to a series of blog posts aimed at helping you “hack the ZAP source code”. The previous post in this series is: Hacking ZAP #3 - Passive scan rules Active scan rules are another relatively simple way to enhance ZAP. Active scan rules attack the server, and therefore are only run when explicitly invoked by the user. You should only use active scan rules against applications that you have permission to attack. You can also write active scan rules dynamically using scripts, as we wil...| ZAP
Unit tests are wonderful things, but they are painful to add to a mature project that doesn’t have enough of them. We would love to have more ZAP unit tests, and we are therefore launching a Unit Test Bounty program, where we pay for unit tests for specific areas of the ZAP codebase.| ZAP