Simon Bennetts

Simon Bennetts released OWASP ZAP in 2010 and since then has shepherded it to become the world's most popular web vulnerability scanner.
He is very active in OWASP and sits on the OWASP Project Committee.

He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac.
Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.

Top 10 Infrastructure as code security tools for 2024

Top 10 Infrastructure as code security tools for 2024

Jit- Product security
Full Stack Security: Harnessing Open Source and Pro Tooling for Instant Protection

Full Stack Security: Harnessing Open Source and Pro Tooling for Instant Protection

Jit- Product security
Announcing: Jit is now part of the AWS ISV Accelerate Program

Announcing: Jit is now part of the AWS ISV Accelerate Program

Jit- Product security
7 Principles of Secure Design in Software Development

7 Principles of Secure Design in Software Development

Jit- Product security
What is Shift Left Security and 7 Steps to Get Started

What is Shift Left Security and 7 Steps to Get Started

Jit- Product security
10 Malicious Code Examples You Need to Recognize to Defend Your SDLC

10 Malicious Code Examples You Need to Recognize to Defend Your SDLC

Jit- Product security
A Step-by-step Guide to Preventing Dependency Confusion Attacks

A Step-by-step Guide to Preventing Dependency Confusion Attacks

Jit- Product security
IaC Security Essentials: How to Code Your Way to a Fort Knox Infrastructure

IaC Security Essentials: How to Code Your Way to a Fort Knox Infrastructure

Jit- Product security
Three Things to Look Forward to at OWASP Global AppSec DC 2023

Three Things to Look Forward to at OWASP Global AppSec DC 2023

Jit- Product security
Top 10 DAST Tools for 2024

Top 10 DAST Tools for 2024

Jit- Product security
Safeguarding Your Systems: Navigating Curl 8.4.0 Vulnerabilities

Safeguarding Your Systems: Navigating Curl 8.4.0 Vulnerabilities

Jit- Product security
7 Tips for an Effective SCA Scan

7 Tips for an Effective SCA Scan

Jit- Product security
The Security Risks of Forking

The Security Risks of Forking

Jit- Product security
AWS Security Token Service (STS): 7 Essentials to Save You Time

AWS Security Token Service (STS): 7 Essentials to Save You Time

Jit- Product security
Security as Code: 7 Building Blocks to Get You Started

Security as Code: 7 Building Blocks to Get You Started

Jit- Product security
How to Add Log4J Dependencies to Maven Projects

How to Add Log4J Dependencies to Maven Projects

Jit- Product security
10 SCA Security Tools to Protect Your Code in 2023

10 SCA Security Tools to Protect Your Code in 2023

Jit- Product security
From Developer to Security Experience in a Cloud Native World

From Developer to Security Experience in a Cloud Native World

Jit- Product security
6 Security Risks to Consider with WebAssembly

6 Security Risks to Consider with WebAssembly

Jit- Product security
The Security-First Mindset to Unlocking the AWS Opportunity

The Security-First Mindset to Unlocking the AWS Opportunity

Jit- Product security
SAST vs. DAST - Picking the Perfect Protector for Your Web App!

SAST vs. DAST - Picking the Perfect Protector for Your Web App!

Jit- Product security
Introducing the new Teams View in Jit

Introducing the new Teams View in Jit

Jit- Product security
Top 10 Snyk Alternatives for Code Security

Top 10 Snyk Alternatives for Code Security

Jit- Product security
7 Tips to Simplify Kubernetes Secrets Management

7 Tips to Simplify Kubernetes Secrets Management

Jit- Product security
7 Challenges & Solutions to Building a Modern Minimum Viable Secure Product (MVSP)

7 Challenges & Solutions to Building a Modern Minimum Viable Secure Product (MVSP)

Jit- Product security
10 Pros and Cons of GCP Security Command Center

10 Pros and Cons of GCP Security Command Center

Jit- Product security
SOC 2 Compliance Checklist [XLS Downloadable]

SOC 2 Compliance Checklist [XLS Downloadable]

Jit- Product security
AWS FTR (Foundational Technical Review) Checklist [XLS Download]

AWS FTR (Foundational Technical Review) Checklist [XLS Download]

Jit- Product security
8 Fundamentals for Cloud Native Applications Security You Shouldn't Overlook

8 Fundamentals for Cloud Native Applications Security You Shouldn't Overlook

Jit- Product security
12 Pros and Cons of Microsoft (Azure) Sentinel

12 Pros and Cons of Microsoft (Azure) Sentinel

Jit- Product security
20 Best VS Code Themes in 2023

20 Best VS Code Themes in 2023

Jit- Product security
Top 10 Cloud Security Tools for 2023

Top 10 Cloud Security Tools for 2023

Jit- Product security
A Step-by-step Guide to Using Kubescape to Protect Kubernetes Containers

A Step-by-step Guide to Using Kubescape to Protect Kubernetes Containers

Jit- Product security
Jit Now Available on AWS Marketplace and has become a Validated AWS Partner

Jit Now Available on AWS Marketplace and has become a Validated AWS Partner

Jit- Product security
Playing Around with AWS-Vault for Fun & Profit

Playing Around with AWS-Vault for Fun & Profit

Jit- Product security
CI/CD security: 12 tips for continuous security

CI/CD security: 12 tips for continuous security

Jit- Product security
Your Approach to Security Compliance Is Destroying Dev Culture

Your Approach to Security Compliance Is Destroying Dev Culture

Jit- Product security
How Jit Builds a Platform Engineering Mindset in the Cloud

How Jit Builds a Platform Engineering Mindset in the Cloud

Jit- Product security
Unlocking the Power of Security Orchestration

Unlocking the Power of Security Orchestration

Jit- Product security
Defining DORA-Like Metrics for Security Engineering

Defining DORA-Like Metrics for Security Engineering

Jit- Product security
How to use Semgrep to Uncover Log4j Vulnerabilities

How to use Semgrep to Uncover Log4j Vulnerabilities

Jit- Product security
AWS Community & Jit

AWS Community & Jit

Jit- Product security
What's New in Our Latest Jit Version

What's New in Our Latest Jit Version

Jit- Product security
Kubescape & Jit

Kubescape & Jit

Jit- Product security
How to use AWS Secrets Manager in the CLI [With Examples]

How to use AWS Secrets Manager in the CLI [With Examples]

Jit- Product security
Top 20 Best VScode Extensions for 2023

Top 20 Best VScode Extensions for 2023

Jit- Product security
What is a PyPi Server and How To Set It Up Securely

What is a PyPi Server and How To Set It Up Securely

Jit- Product security
Pulumi vs. Terraform: The IaC Showdown

Pulumi vs. Terraform: The IaC Showdown

Jit- Product security
How to Setup Semgrep Rules for Optimal SAST Scanning

How to Setup Semgrep Rules for Optimal SAST Scanning

Jit- Product security
And The Award(s) Go To... Jit!

And The Award(s) Go To... Jit!

Jit- Product security
How to calculate cycle time in software development

How to calculate cycle time in software development

Jit- Product security
What is MTTD, and how can you crush it

What is MTTD, and how can you crush it

Jit- Product security
10 Essential Steps for Web Application Security Testing

10 Essential Steps for Web Application Security Testing

Jit- Product security
7 Essential Steps to Correctly Calculate Change Failure Rate

7 Essential Steps to Correctly Calculate Change Failure Rate

Jit- Product security
The Developer's Guide to The DevSecOps Toolchain

The Developer's Guide to The DevSecOps Toolchain

Jit- Product security
5 Essentials Every DevSecOps Professional Needs

5 Essentials Every DevSecOps Professional Needs

Jit- Product security
What the Heck is SSDLC (Secure Software Development Lifecycle), and why should devs care?

What the Heck is SSDLC (Secure Software Development Lifecycle), and why should devs care?

Jit- Product security
How to Run a SAST Test with Bandit and JIT

How to Run a SAST Test with Bandit and JIT

Jit- Product security
AssumeRoleWithWebIdentity WHAT?! Solving the Github to AWS OIDC InvalidIdentityToken Failure Loop

AssumeRoleWithWebIdentity WHAT?! Solving the Github to AWS OIDC InvalidIdentityToken Failure Loop

Jit- Product security
NPM Audit: 5 Ways to Use it to Protect Your Code

NPM Audit: 5 Ways to Use it to Protect Your Code

Jit- Product security
The Developer's Guide to Using Gitleaks to Detect Hardcoded Secrets

The Developer's Guide to Using Gitleaks to Detect Hardcoded Secrets

Jit- Product security
DORA Metrics: Delivery vs. Security

DORA Metrics: Delivery vs. Security

Jit- Product security
8 Best Practices When Using AWS Security Groups

8 Best Practices When Using AWS Security Groups

Jit- Product security
The DevOps Guide to AWS Security Tools

The DevOps Guide to AWS Security Tools

Jit- Product security
The In-Depth Guide to OWASP's Top 10 Vulnerabilities

The In-Depth Guide to OWASP's Top 10 Vulnerabilities

Jit- Product security
The Developer's Guide to Using NPM Audit to Create a Dependency Tree

The Developer's Guide to Using NPM Audit to Create a Dependency Tree

Jit- Product security
Top 10 Continuous Security Monitoring (CSM) Tools for 2023

Top 10 Continuous Security Monitoring (CSM) Tools for 2023

Jit- Product security
How to Run an API Scanner with OWASP ZAP

How to Run an API Scanner with OWASP ZAP

Jit- Product security
How to use OWASP ASVS to Protect Web Applications

How to use OWASP ASVS to Protect Web Applications

Jit- Product security
How to Automate OWASP ZAP

How to Automate OWASP ZAP

Jit- Product security
How to Test Permissions Policy Header Configuration with ZAP

How to Test Permissions Policy Header Configuration with ZAP

Jit- Product security
6 Essential Steps to Use OWASP ZAP for Penetration Testing

6 Essential Steps to Use OWASP ZAP for Penetration Testing

Jit- Product security
Simon Bennetts, Creator & Lead Maintainer of OWASP ZAP Joins Jit

Simon Bennetts, Creator & Lead Maintainer of OWASP ZAP Joins Jit

Jit- Product security
Forget Mono Repo vs. Multi Repo - Building Centralized Git Workflows in Python

Forget Mono Repo vs. Multi Repo - Building Centralized Git Workflows in Python

Jit- Product security
What is Minimum Viable Security (MVS) and how does it improve the life of developers?

What is Minimum Viable Security (MVS) and how does it improve the life of developers?

Jit- Product security
Yippee! We've Raised $38.5M!

Yippee! We've Raised $38.5M!

Jit- Product security
Dev-Native Product Security- Here’s Why Born-Left Security Is Taking Over Shift-Left

Dev-Native Product Security- Here’s Why Born-Left Security Is Taking Over Shift-Left

Jit- Product security
Launching our first open source collaboration with Gitleaks

Launching our first open source collaboration with Gitleaks

Jit- Product security
Designing Secure Tenant Isolation in Python for Serverless Apps

Designing Secure Tenant Isolation in Python for Serverless Apps

Jit- Product security
Is Balancing Dev-Owned Security and Velocity Possible?

Is Balancing Dev-Owned Security and Velocity Possible?

Jit- Product security
Guest Post: A CIO/CISO Perspective on Agile Security and the Modern DevOps in the Startup Era

Guest Post: A CIO/CISO Perspective on Agile Security and the Modern DevOps in the Startup Era

Jit- Product security
Bootstrapping a Secure AWS as-Code Environment - Your MVS Checklist

Bootstrapping a Secure AWS as-Code Environment - Your MVS Checklist

Jit- Product security
Born left vs. shift left security and your 1st security developer/architect

Born left vs. shift left security and your 1st security developer/architect

Jit- Product security
5 Open source product-security tools for developers you should know of

5 Open source product-security tools for developers you should know of

Jit- Product security
Open Policy Agent as a Control Engine - DevSecOps Conf 2022 Recap

Open Policy Agent as a Control Engine - DevSecOps Conf 2022 Recap

Jit- Product security

Instantly achieve continuous product security, from day 0

Start Free