StackHawk is thrilled to introduce the new ZAP Fund

$100,000 Dedicated
to Improving ZAP
and the ZAP Community

StackHawk Loves Zap

Why StackHawk

Loves ZAP

ZAP is the world’s most widely used application security testing tool. As an open-source project, it has developed significant popularity among security teams, penetration testers, and engineering orgs alike.

Teams at some of today’s leading software companies rely on ZAP as their dynamic application security testing (DAST) tool. When it comes to a DAST scanner, it is tough to beat ZAP.

How We’re Improving ZAP

What We Have Contributed

At StackHawk, we have proudly built our application security testing scanner on top of ZAP. But we didn’t stop there. We made giving back to ZAP a priority since we created our platform.
  • StackHawk’s Major Contributions Back to ZAP
  • More complete issue detection and reduction of false positives
  • More robust and complete RestAPI testing
  • Ability to add compiled scripting support for speed in customized testing

Bounty Program Overview

Here is how the ZAP Fund Bounty Program works:
  • Pick an issue from the open bounties below
  • Write the code to resolve it. Make sure to include tests.
  • Submit a PR and link it to the issue.
  • Once your PR is accepted and merged, send an email to In your email include links to your PR, the issue it resolved, your name, and address.
Once we get your email and confirm your fix we’ll work on getting you paid out. There may be more information needed based on your location.

ZAP Bounties


We have created a tiering system for bounties that determines the reward. Tiers are assigned based on the estimated complexity of the issue and time spent to resolve it. These tiers represent the maximum amount payable for any issue. Issues cannot be reclassified.

Please note: The bounties listed below are a maximum for a given tier and actual payout may be less.



Bountied Issues

Nothing catching your eye? Check back soon for more bountied issues!

Issue #TitlePriority