Rebrand

Signed-off-by: Simon Bennetts <psiinon@gmail.com>

site/config.yaml

@@ -45,10 +45,6 @@ menu:
       URL: /community/
       weight:  5
 
-    - name:  Support
-      URL: /support/
-      weight:  5
-
   footer: 
     - name:  "Blog"
       URL:  "/blog/"
@@ -62,10 +58,6 @@ menu:
       URL: /community/
       weight:  4
 
-    - name:  Support
-      URL: /support/
-      weight:  5
-
     - name:  Statistics
       URL: /docs/statistics/
       weight:  6

site/content/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/index.md

@@ -0,0 +1,45 @@
+---
+title: "ZAP Has Joined Forces With Checkmarx"
+summary: "This is a huge investment (and vote of confidence) in ZAP and will secure the project’s future success."
+images:
+- https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/images/zap-by-checkmarx.png
+type: post
+tags:
+  - blog
+  - funding
+date: "2024-09-24"
+authors:
+  - simon
+---
+
+## HeadLine News!
+I am delighted to announce that ZAP has joined forces with [Checkmarx](https://checkmarx.com/) to secure the project’s future success.
+Checkmarx will employ all three of the ZAP project leaders (myself, [Ricardo](/docs/team/thc202/), and [Rick](/docs/team/kingthorin/)),
+to work on both ZAP and Checkmarx' DAST solution (built on top of ZAP). 
+
+This is by far the biggest investment any one company has made in ZAP and ensures that ZAP will continue to thrive.
+
+## What Does This Mean In Practice?
+As you may have noticed on the website, ZAP will now be known as “ZAP by Checkmarx”.
+
+ZAP will stay under the control of the ZAP Core Team, remain open source, and stay licensed under Apache v2.
+We are still community focused, but Checkmarx’ support will enable us to support this community even better than before.
+
+While Checkmarx will have a direct influence on our roadmap, we're confident that their priorities align closely with our existing roadmap - one that is based on the features that many of you have been asking for.
+
+The most important change is that ZAP will have proper backing - for the first time in its history.
+With more people exclusively focused on ZAP as part of their daily work, we will be able to improve ZAP at a faster rate than ever before.
+
+Another big change for us is that we will also get direct access to Checkmarx’ customer base. 
+As an open source project, we often struggle to get the detailed information we need to resolve user problems.
+Many companies simply cannot share the level of detail we need from them unless there is a contract in place.
+This change will not only allow us to support those customers more effectively, but also support overarching improvements for everyone who uses ZAP.
+
+For Checkmarx’ take on our new partnership, check out their announcement: 
+[](https://checkmarx.com/press-releases/checkmarx-joins-forces-with-zap-to-supercharge-dynamic-application-security-testing-dast-for-the-enterprise-and-enhance-community-growth/)
+
+## Thank You to CrashOverride
+Last but definitely not least, a huge thank you to [CrashOverride](https://crashoverride.com/?zap=web), who stepped up and 
+[supported us](/blog/2024-03-13-zap-funding-and-the-open-source-fellowship/) when we needed it most. 
+Without their help and support the ZAP project may not have survived.
+

site/content/docs/team/kingthorin.md

@@ -14,7 +14,7 @@ Rick started contributing to ZAP in 2014.
 
 #### Sponsor
 
-Rick can be sponsored directly via his [GitHub Sponsors](https://github.com/sponsors/kingthorin/) page.
+Rick is employed by [Checkmarx](https://checkmarx.com/) to work on ZAP.
 
 #### Other Work
 

site/content/docs/team/psiinon.md

@@ -14,7 +14,7 @@ Simon released ZAP in 2010 and has been working on it ever since.
 
 #### Sponsor
 
-Simon's work on ZAP is sponsored by [The Crash Override Open Source Fellowship](https://crashoverride.com?zap=web).
+Simon is employed by [Checkmarx](https://checkmarx.com/) to work on ZAP.
 
 #### Expertise
 

site/content/docs/team/thc202.md

@@ -12,7 +12,7 @@ Ricardo started working on ZAP in 2011 and has made more PRs against the ZAP rep
 
 #### Sponsor
 
-Ricardo's work on ZAP is sponsored by [The Crash Override Open Source Fellowship](https://crashoverride.com?zap=web).
+Ricardo is employed by [Checkmarx](https://checkmarx.com/) to work on ZAP.
 
 #### Expertise
 

site/content/getting-started/index.md

@@ -45,10 +45,10 @@ Pentesting usually follows these stages:
 The ultimate goal of pentesting is to search for vulnerabilities so that these vulnerabilities can be addressed. It can also verify that a system is not vulnerable to a known class or specific defect; or, in the case of vulnerabilities that have been reported as fixed, verify that the system is no longer vulnerable to that defect.
 
 ### Introducing ZAP
-Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of 
-The Software Security Project (SSP). ZAP is designed specifically for testing web applications and is both flexible and extensible.
+Zed Attack Proxy (ZAP) by Checkmarx is a free, open-source penetration testing tool.
+ZAP is designed specifically for testing web applications and is both flexible and extensible.
 
-At its core, ZAP is what is known as a “man-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.
+At its core, ZAP is what is known as a “manipulator-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.
 
 {{< img "images/browser-no-proxy.png" >}}  
 
@@ -60,9 +60,6 @@ ZAP provides functionality for a range of skill levels – from developers, to t
 
 Because ZAP is open-source, the source code can be examined to see exactly how the functionality is implemented. Anyone can volunteer to work on ZAP, fix bugs, add features, create pull requests to pull fixes into the project, and author add-ons to support specialized situations.
 
-As with most open source projects, donations are welcome to help with costs for the projects. For more details see the 
-[Sponsor](/sponsor/) page.
-
 ### Install and Configure ZAP
 ZAP has installers for Windows, Linux, and macOS. There are also Docker images available on the download site listed below.
 
@@ -75,9 +72,9 @@ Once the installation is complete, launch ZAP and read the license terms. Click
 
 ###### macOS
 ZAP is currently not a verified developer with Apple. On macOS, you will see a message like: 
-> “OWASP ZAP.app” cannot be opened because the developer cannot be verified.
+> “ZAP.app” cannot be opened because the developer cannot be verified.
 
-To circumvent this warning, you would need to go to **System Preferences** &gt; **Security & Privacy** at the bottom of the dialog. You will see a message saying that "OWASP ZAP" was blocked. Next to it, if you trust the downloaded installer, you can click **Open anyway**.
+To circumvent this warning, you would need to go to **System Preferences** &gt; **Security & Privacy** at the bottom of the dialog. You will see a message saying that "ZAP" was blocked. Next to it, if you trust the downloaded installer, you can click **Open anyway**.
 
 ##### Persisting a Session
 When you first start ZAP, you will be asked if you want to persist the ZAP session. By default, ZAP sessions are always recorded to disk in a HSQLDB database with a default name and location. If you do not persist the session, those files are deleted when you exit ZAP.
@@ -218,13 +215,6 @@ ZAP is an ideal tool to use in automation and supports a range of options:
 - [Automation Framework](/docs/automate/automation-framework/)
 - [API and Daemon mode](/docs/api/)
 
-### Support
-The available support options are summarised in the ‘Support’ screen.
-
-ZAP is a non profit organisation, and any money raised by these services will help fund ZAP developments.
-
-{{< img "images/zap-qstart-support.png" >}}
-
 ### Learn More About ZAP
 Now that you are familiar with a few basic capabilities of ZAP, you can learn more about ZAP’s capabilities and how to use them from ZAP’s [Desktop User Guide](/docs/desktop/). The User Guide provides step-by-step instructions, references for the API and command-line programming, instructional videos, and tips and tricks for using ZAP.
 

site/content/supporters.md

@@ -3,7 +3,8 @@ type: page
 title: Supporters
 layout: supporters
 description: Companies and organisations who have supported ZAP in a variety of ways
+aliases:
+  - /sponsor/
+  - /support/
 ---
 
-For details on how to support ZAP see the [Support](/support/) page.
-

site/content/third-party-engagement.md

@@ -7,15 +7,15 @@ __This is not a legal document, third parties are expected to perform their own
 
 * Any third party can sponsor anyone to work on ZAP
 * Third parties can promote their sponsorship of ZAP or people working on ZAP
-* Any third party can build commercial services using ZAP as long as they conform to all of the [relevant Open Source licences](https://github.com/zaproxy/zaproxy/blob/main/LEGALNOTICE.md) and do not claim that it is endorsed by the ZAP core team or the Software Security Project
-* Any third party can rebundle and redistribute ZAP with any other components as long as they do not claim it is an “official ZAP release” or endorsed by either the ZAP core team or the Software Security Project
+* Any third party can build commercial services using ZAP as long as they conform to all of the [relevant Open Source licences](https://github.com/zaproxy/zaproxy/blob/main/LEGALNOTICE.md) and do not claim that it is endorsed by the ZAP core team
+* Any third party can rebundle and redistribute ZAP with any other components as long as they do not claim it is an “official ZAP release” or endorsed by either the ZAP core team
 * Third parties are encouraged to be public about their use of ZAP and to contribute back fixes and enhancements
 * Third parties should not use "ZAP" or "ZAPROXY" in their product names
 * Third party specific add-ons can be added to the ZAP Marketplace as long as the add-ons are free and Open Source and it is clear who developed/supports them. Any services those add-ons connect to can be Open Source, closed source, free or commercial
 * Third party specific add-ons will not be included in the official ZAP distributions
   * Exceptions may be made by the ZAP core team, for example add-ons which connect to commonly used components like bug trackers
 * Third party specific add-ons should not be included in the ZAP code base (with the above proviso)
-* Third parties can offer free or paid-for support for ZAP as long as they do not claim that it is endorsed by the ZAP core team or the Software Security Project
+* Third parties can offer free or paid-for support for ZAP as long as they do not claim that it is endorsed by the ZAP core team
 * ZAP communication channels cannot be used to endorse commercial products
 * Commercial products based on ZAP can be mentioned on ZAP communication channels as long as all similar commercial products are treated equally
 * Code will be merged into the code base based on its quality and suitability as decided by the ZAP core team

site/data/events.yaml

@@ -73,6 +73,14 @@
   link: https://github.com/zaproxy/zaproxy/blob/main/zap/src/main/java/org/zaproxy/zap/extension/spider/SpiderEventPublisher.java
   event: scan.completed
 
+- publisher: org.zaproxy.zap.extension.spiderAjax.SpiderEventPublisher
+  link: https://github.com/zaproxy/zap-extensions/blob/main/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/SpiderEventPublisher.java
+  event: scan.started
+
+- publisher: org.zaproxy.zap.extension.spiderAjax.SpiderEventPublisher
+  link: https://github.com/zaproxy/zap-extensions/blob/main/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/SpiderEventPublisher.java
+  event: scan.stopped
+
 - publisher: org.zaproxy.zap.extension.websocket.WebSocketEventPublisher
   link: https://github.com/zaproxy/zap-extensions/blob/main/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/WebSocketEventPublisher.java
   event: ws.stateChange

site/data/homepage/hero.yml

@@ -1,8 +1,9 @@
 heroItems:
   - headline: Zed Attack Proxy (ZAP)
+    byline: by Checkmarx
     subhead: 
-      The world’s most widely used web app scanner. Free and open source. 
-      Actively maintained by a dedicated international team of volunteers.
-      A GitHub Top 1000 project.
+      The world’s most widely used web app scanner. 
+      Free and open source. 
+      A community based GitHub Top 1000 project that anyone can contribute to.
     image: hero-illustration-1.svg
     imageSize: 290

site/data/roadmap.yaml

@@ -1,12 +1,6 @@
 - item: Release 2.16
   status: ⌚ Planned
   year: 2024
-
-- item: Secure Funding for ZAP Development
-  status: ⚡ In progress
-  year: 2024
-  sponsor: Crash Override
-  sponsorlink: https://crashoverride.com/?zap=web
 - item: Import PCAP files
   status: ⚡ In progress
   url: https://github.com/zaproxy/zaproxy/issues/4812
@@ -16,7 +10,7 @@
   url: https://github.com/zaproxy/zaproxy/issues/7695
   year: 2024
   sponsor: ZAProxy Ltd
-  sponsorlink: https://zaproxy.com/
+  sponsorlink: https://www.zaproxy.com/
 - item: Improve modern web app handling
   url: /blog/2023-11-03-handling-modern-web-apps-better-part1/
   status: ⚡ In progress
@@ -58,6 +52,12 @@
   url: /blog/2023-01-19-authentication-help/
   year: n/a
 
+- item: Secure Funding for ZAP Development
+  status: 🎉 Finished
+  url: /blog/2024-09-24-zap-has-joined-forces-with-checkmarx/
+  year: 2024
+  sponsor: CrashOverride
+  sponsorlink: https://crashoverride.com/?zap=web
 - item: Document Target Scanning Issues
   status: 🎉 Finished
   url: /docs/getting-further/automation/target-scanning-issues/

site/data/statistics.yaml

@@ -639,6 +639,20 @@
   code: main/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/QuickStartPanel.java
   desc: The number of times the given news item has been clicked on
 
+- key: stats.network.send.failure
+  scope: global
+  type: counter
+  repo: zaproxy/zap-extensions
+  code: main/addOns/network/src/main/java/org/zaproxy/addon/network/internal/client/BaseHttpSender.java
+  desc: The number of times ZAP has failed to send an HTTP request
+
+- key: stats.network.send.success
+  scope: global
+  type: counter
+  repo: zaproxy/zap-extensions
+  code: main/addOns/network/src/main/java/org/zaproxy/addon/network/internal/client/BaseHttpSender.java
+  desc: The number of times ZAP has sucessfully sent an HTTP request
+
 - key: stats.oast.boast.interactions
   scope: global
   type: counter
@@ -821,6 +835,20 @@
   code: main/zap/src/main/java/org/zaproxy/zap/extension/pscan/scanner/RegexAutoTagScanner.java
   desc: The number of messages containing the given tag
 
+- key: stats.tech.reqcount.id
+  scope: site
+  type: highwatermark
+  repo: zaproxy/zap-extensions
+  code: main/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/TechPassiveScanner.java
+  desc: The highest request count the successfully identified a new technology for the site
+
+- key: stats.tech.reqcount.total
+  scope: site
+  type: highwatermark
+  repo: zaproxy/zap-extensions
+  code: main/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/TechPassiveScanner.java
+  desc: The total number of requests analysed to detect technology for the site
+
 - key: stats.websockets.bytes.incoming
   scope: site
   type: counter