Security Research

Research. Analyze. Secure.

Real-world security research covering DAST, AI-assisted vulnerability analysis, attack chain modeling, and engineering benchmarks.

LATEST RESEARCH

Mastering ZAP Authenticated Scanning: Session Management, Scan Optimization, and Framework-Aware Configuration
DAST

How we went from broken session tokens and missed vulnerabilities to a fully authenticated, optimized DAST pipeline — and every lesson learned along the way.

18 min read
Preprocessing HAR Files for OWASP ZAP Automation: A Practical Guide
DAST

HAR files captured from browser traffic can easily exceed 25 MB, but ZAP only reads request and response fields. By stripping everything else, you can reduce a 25 MB HAR to ~500 KB with zero loss of scan coverage.

12 min read
Supercharging OWASP ZAP with HAR Traffic Replay: A 215× Coverage Increase
DAST

How recording real browser traffic with the Corefix Extension and feeding it into ZAP's automation framework transforms DAST coverage from surface-level to deep.

10 min read
We Benchmarked 21 LLMs on Security Analysis. Here's What We Found.
AI & Automation

Processing time, task completion, and reliability data from running 247 real-world security findings through 21 LLMs - from Claude and GPT-5 to Bedrock and open-source models.

6 min read
How We Teach a Security Scanner to Understand Your App Before It Tests It
Engineering

The engineering behind intelligent ZAP context building — from raw HTML to authenticated scans, automatically. No manual setup required.

10 min read
Beyond YAML: The 6 Hidden Layers of DAST Configuration Nobody Talks About
DAST

We fixed ZAP's scan policy and achieved 700% better SQL injection detection. Then we discovered five more configuration layers silently breaking real-world scans.

12 min read