Commit 7900432

Merge pull request #3065 from psiinon/success/possible
Success: Possible Security
2 parents a8bc43c + 5e613fd commit 7900432

9 files changed

+30
-11
lines changed

site/content/success/banzaicloud/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,4 +11,4 @@ company:
1111
logo: /img/success/banzai-cloud.png
1212
---
1313

14-
At Banzai Cloud we use our dast-operator which leverages OWASP ZAP to run baseline scans against the services we deploy on the K8S cluster. This operator deploys OWASP ZAP to the K8S cluster and initiates automated security testing for web applications and APIs based on OpenAPI definitions. Besides the operator responsible for starting the scan against a service, it can prevent opening a vulnerable service to outside. The prevention mechanism is based on the built-in admission controller which is watching the ingress resources. The admission controller checks the backend services of the ingress and makes a decision depending on the result of the OWASP ZAP scans.
14+
At Banzai Cloud we use our dast-operator which leverages ZAP to run baseline scans against the services we deploy on the K8S cluster. This operator deploys ZAP to the K8S cluster and initiates automated security testing for web applications and APIs based on OpenAPI definitions. Besides the operator responsible for starting the scan against a service, it can prevent opening a vulnerable service to outside. The prevention mechanism is based on the built-in admission controller which is watching the ingress resources. The admission controller checks the backend services of the ingress and makes a decision depending on the result of the ZAP scans.

site/content/success/clue/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,4 +11,4 @@ company:
1111
twitter: ClueSecurity
1212
---
1313

14-
The OWASP ZAP tool is a significant asset to [Clue](https://clue.ch/), as it is utilized on a daily basis by our security engineers. For the efficient design of a resilient WAF security policy, it is vital to reverse engineer the data flow of an application. OWASP ZAP offers an easy way to make the data flow transparent, to visualize the attack surface, and to develop tailor-made policies to minimize it. ZAP is also regularly used in application security consulting. Whether it is to develop and demonstrate a proof of concept for a found code vulnerability, to test an implemented application security function or just to have a function report which is used for threat modeling of an existing function. It is a pleasure to work with ZAP, which we use as a multi-tool for a variety of tasks related to application security.
14+
The ZAP tool is a significant asset to [Clue](https://clue.ch/), as it is utilized on a daily basis by our security engineers. For the efficient design of a resilient WAF security policy, it is vital to reverse engineer the data flow of an application. ZAP offers an easy way to make the data flow transparent, to visualize the attack surface, and to develop tailor-made policies to minimize it. ZAP is also regularly used in application security consulting. Whether it is to develop and demonstrate a proof of concept for a found code vulnerability, to test an implemented application security function or just to have a function report which is used for threat modeling of an existing function. It is a pleasure to work with ZAP, which we use as a multi-tool for a variety of tasks related to application security.

site/content/success/jit/index.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,6 @@ company:
1515
supporter: Platinum Supporter
1616
---
1717

18-
OWASP ZAP has changed the adoption of security across the industry, enabling any organization to have better web application security through open source tooling. That is why after research and benchmarking Jit selected OWASP ZAP to be a critical tool in its [DevSecOps orchestration platform](https://www.jit.io/). As a best of breed OSS DAST tool (dynamic application security testing), it provides development teams with the confidence in their application and API security, enabling them to deploy code at the velocity modern engineering organizations require.
18+
ZAP has changed the adoption of security across the industry, enabling any organization to have better web application security through open source tooling. That is why after research and benchmarking Jit selected ZAP to be a critical tool in its [DevSecOps orchestration platform](https://www.jit.io/). As a best of breed OSS DAST tool (dynamic application security testing), it provides development teams with the confidence in their application and API security, enabling them to deploy code at the velocity modern engineering organizations require.
1919

20-
Jit not only leverages OWASP ZAP to deliver a robust and much-needed security control for its users, but also uses ZAP through the Jit platform to secure its own cloud native stack. By supporting the most up-to-date tool chains, with a high fidelity of results, ZAP has become the de facto open source security tool of choice for millions of developers around the globe, including Jit’s own engineers.
20+
Jit not only leverages ZAP to deliver a robust and much-needed security control for its users, but also uses ZAP through the Jit platform to secure its own cloud native stack. By supporting the most up-to-date tool chains, with a high fidelity of results, ZAP has become the de facto open source security tool of choice for millions of developers around the globe, including Jit’s own engineers.

site/content/success/motorola/index.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,10 @@ One of the SAMM requirements, defined in the _Verification / Security Testing_ p
2121
maturity level, states that an organization should _embed security testing as part of the
2222
development and deployment processes_. We use a number of commercial tools for both static
2323
and dynamic application security scans, software composition analysis and for measuring other
24-
metrics. OWASP ZAP has been added to our security toolset, fitting the needs of many
24+
metrics. ZAP has been added to our security toolset, fitting the needs of many
2525
application teams within the company.
2626

27-
A major strength of the OWASP ZAP is the ease of deployment. Being a standalone Java
27+
A major strength of the ZAP is the ease of deployment. Being a standalone Java
2828
application, and running smoothly from a Docker container, means ZAP can be easily installed
2929
closely to the scanned application. Regardless if the targeted service runs in a closed
3030
on-premise lab, or on a Kubernetes cluster hosted in the public cloud, ZAP can be easily
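
Review bot: On new line 27, dropping "OWASP" leaves "A major strength of the ZAP is the ease of deployment", where the article no longer fits. Suggest "A major strength of ZAP is the ease of deployment" so it matches how ZAP is named on line 24 and in the rest of the file.
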
@@ -52,4 +52,4 @@ track usage of the tool.
5252

5353
Shortly after the rollout of our dedicated pipeline jobs, the scans were adopted by several
5454
application teams, running dozens of automated scans on frontend and backend services daily.
55-
This number grows every month, helping us improve the safety of our customers and their systems.
55+
This number grows every month, helping us improve the safety of our customers and their systems.
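
Review bot: Line 55 is shown as removed and re-added with the same visible text, so the only difference can be whitespace or the end-of-file newline. Please confirm this is intentional cleanup rather than an editor side effect, since it is unrelated to the "OWASP ZAP" to "ZAP" rename in the rest of this file.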

site/content/success/mozilla/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,6 @@ company:
1515
supporter: Platinum Supporter
1616
---
1717

18-
OWASP ZAP is integral to how Mozilla secures the services powering core Firefox features including Accounts, Addons, and Sync for millions of individuals around the world. We support the open source development of ZAP, because it helps us ensure the security and privacy of our users keeping the Internet a global, public resource open and accessible to all.
18+
ZAP is integral to how Mozilla secures the services powering core Firefox features including Accounts, Addons, and Sync for millions of individuals around the world. We support the open source development of ZAP, because it helps us ensure the security and privacy of our users keeping the Internet a global, public resource open and accessible to all.
1919

2020
On the security operations team, we run daily headless ZAP baseline scans against 241 sites to detect OWASP Top Ten and other vulnerabilities, improve the quality of reports to our web bug bounty program, and track metrics on the adoption of security controls like Content Security Policy and Strict Transport Security headers. To date baseline scans have found issues on 73 sites. In our CI/CD pipelines, we run ZAP to prevent insecure applications from being deployed to staging and production environments. We also run ad hoc ZAP tests using the HUD and active scanner, OpenAPI, and GraphQL addons to review and pentest new applications and features and confirm vulnerability reports and fixes.

site/content/success/orange/index.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,6 @@ company:
1313

1414
At OBS, we strive continually to bring our customers peace of mind with strengthened and reinforced application security.
1515

16-
As part of automating our web application and API security, we chose to deploy OWASP ZAP as one of our Dynamic Application Security Testing (DAST) technologies. This DevSecOps approach helps our developers and engineering teams to detect vulnerabilities, including the OWASP Top Ten [Web](https://owasp.org/www-project-top-ten/) and [API](https://owasp.org/www-project-api-security/), in CI/CD pipelines before releasing our solutions.
16+
As part of automating our web application and API security, we chose to deploy ZAP as one of our Dynamic Application Security Testing (DAST) technologies. This DevSecOps approach helps our developers and engineering teams to detect vulnerabilities, including the OWASP Top Ten [Web](https://owasp.org/www-project-top-ten/) and [API](https://owasp.org/www-project-api-security/), in CI/CD pipelines before releasing our solutions.
1717

18-
Thanks to its libraries and API, ZAP is highly customizable and this allowed us to easily develop tools that use these resources. The many interesting features, such as the scripting engine, passive scripts, python hooks and add-ons developed by ZAP and the community, make the tool even more powerful and easy to use.
18+
Thanks to its libraries and API, ZAP is highly customizable and this allowed us to easily develop tools that use these resources. The many interesting features, such as the scripting engine, passive scripts, python hooks and add-ons developed by ZAP and the community, make the tool even more powerful and easy to use.
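
Review bot: On line 18 the removed and added text read identically, so this is a whitespace or trailing-newline change bundled with the rename on line 16; worth confirming it is intended, or dropping it to keep the diff to the wording change. The line 16 edit itself rightly leaves "OWASP Top Ten" as is, since that names a separate project.
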
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
---
2+
title: "Possible Security"
3+
type: success
4+
successtags:
5+
- consulting
6+
- internal
7+
date: "2025-04-30"
8+
company:
9+
link: https://possiblesecurity.com/
10+
logo: /img/success/possiblesecurity.png
11+
---
12+
13+
At Possible Security, we deliver specialized, expert-driven cybersecurity services to high-profile clients across industries. Our focus areas include penetration testing, red teaming, premium audits, and consulting. Based in Riga – the capital of Latvia and the jewel of Northern Europe – we are one of the few market leaders in the field – serving government institutions, critical infrastructure providers, and private sector clients with complex security needs.
14+
15+
ZAP is used in almost all of our web application penetration tests. Its versatility, frequent updates, and strong community support make it one of the most valuable tools. We love features like the request editor, breakpoints, and session saving/exporting, which enhance the depth and efficiency of our testing. ZAP also proves useful in mobile application assessments, where its flexibility allows us to adapt to a wide range of testing scenarios.
16+
17+
Our technical work combines hands-on security testing and expert consulting in information security, computer systems security, physical security, and network security. Tools like ZAP add real depth to our process – and clarity to the results.
18+
19+
We are grateful to the ZAP community for maintaining such a powerful and versatile tool – one that continues to evolve within the ever-changing cybersecurity landscape. You can bet ZAP is staying as a core component of our workflow here at Possible Security.
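
Review bot: The last sentence of line 13 uses three spaced dashes, and the third one ("in the field – serving government institutions") reads as if it opens another aside, which makes the sentence hard to parse. Suggest keeping the first pair around "the capital of Latvia and the jewel of Northern Europe" and changing the third to a comma: "in the field, serving government institutions, ...".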

site/content/success/we45/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ company:
1313
twitter: we45
1414
---
1515

16-
We at we45 and our training venture, AppSecEngineer use and train on ZAP extensively. We strongly believe OWASP ZAP to be the most programmable DAST tool in its class, regardless of commercial or OSS alternatives.
16+
We at we45 and our training venture, AppSecEngineer use and train on ZAP extensively. We strongly believe ZAP to be the most programmable DAST tool in its class, regardless of commercial or OSS alternatives.
1717

1818
One of the things we do with our clients is to implement continuous DAST scanning as part of their DevSecOps initiatives. Many of our clients run a bevy of automated scans on a periodic basis, triggered through CI tooling with ZAP as the tool. For some of those that have End-to-End Test Automation Scripts with Selenium, Cypress, etc, we set up ZAP to be able to run authenticated, completely automated scanning, which is something we find unique in the DAST space
1919
