[Owasp-board] [GPC] FW: Zed Attack Proxy

Paulo Coimbra paulo.coimbra at owasp.org
Fri Oct 22 17:29:06 UTC 2010


Board, GPC and Simon,

 

Please see enclosed a proposed version of the logo for the OWASP Zed Attack
Proxy Project and please let me know your thoughts.

 

Thanks,

- Paulo

 

 

Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

 

From: bradcausey at gmail.com [mailto:bradcausey at gmail.com] On Behalf Of Brad
Causey
Sent: Thursday, 7 October 2010 18:43
To: Paulo Coimbra
Cc: Global Projects Committee; prude; psiinon
Subject: Re: [GPC] FW: Zed Attack Proxy

 

Excellent, thank you Paulo.

-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
"Si vis pacem, para bellum"
--



On Thu, Oct 7, 2010 at 12:38 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

GPC,

 

Please see the email below. Due to distraction, you haven't been carbon
copied. 

 

Thanks, 

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Friday, 1 October 2010 17:14
To: 'dinis cruz'
Cc: 'prude'
Subject: FW: Zed Attack Proxy
Importance: High

 

Dinis,

 

For your information, I've agreed with Pedro Rufino on a budget of 250
dollars for him to create this project logo/image.

 

Cheers,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Friday, 1 October 2010 17:12
To: 'psiinon'
Cc: 'prude'; 'dinis cruz'
Subject: RE: Zed Attack Proxy

 

Simon,

 

Please see below my inline answers.

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: psiinon [mailto:psiinon at gmail.com] 
Sent: Friday, 1 October 2010 15:16
To: Paulo Coimbra
Subject: Re: Zed Attack Proxy

 

Great.

 

And it's nice to be able to contribute something back to OWASP after all the
use I've made of your materials ;) I'm trying to persuade Sage to join OWASP
as a corporate member. The feedback has been positive, but I don't know if
and when it will happen.

 

[pc] It's very kind of you and that is great news. Please let me know
whenever you think I can do anything to assist you through this process.

 

Very quick detailed question which you can hopefully either help me with or
pass on to the most suitable person:

Do you have any guidelines about the program icons that OWASP projects
should use?

I deliberately chose one for ZAP that I thought could be easily converted to
incorporate the OWASP 'wasp' logo, but I can claim no great skills with
graphics so any help or advice anyone else can provide would be appreciated.

 

[pc] To be honest with you, Simon, OWASP is still taking its first steps
regarding design matters. However, I've requested the due authorization for
us to use the services of a designer, Pedro Rufino, being carbon copied, to
create a logo/image for your project. Being so, please let us know what your
requisites are and send us off any image you would like us to utilize.

 

Cheers,

 

Simon

 

On Fri, Oct 1, 2010 at 2:50 PM, Paulo Coimbra <paulo.coimbra at owasp.org>
wrote:

> No need, Simon, thanks. I am setting your project up and will come
> back to you soon - possibly today still.
>
> Thank you for making an excellent project available to OWASP Community ;)
>
> Regards,
>
> Paulo Coimbra,
> OWASP Project Manager
>

>> >-----Original Message-----
>> >From: psiinon [mailto:psiinon at gmail.com]
>> >Sent: Friday, 1 October 2010 13:51
>> >To: Paulo Coimbra
>> >Subject: Re: Zed Attack Proxy
>> >
>> >Hi Paulo,
>> >
>> >Just subscribing to the GPC list now :) Do I need to send the
>> >project details to that list again?
>> >
>> >Thanks,
>> >
>> >Psiinon
>> >
>> >On Fri, Oct 1, 2010 at 2:08 PM,
>> ><global-projects-committee-owner at lists.owasp.org> wrote:
>> >> I'm sorry, this list requires you to be subscribed. If you feel
>> >> you should be on this list, try subscribing first.
>> >>
>> >> Thanks
>> >>
>> >> --OWASP
>> >>

>> >> ---------- Forwarded message ----------
>> >> From: psiinon <psiinon at gmail.com>
>> >> To: Paulo Coimbra <paulo.coimbra at owasp.org>
>> >> Date: Fri, 1 Oct 2010 13:08:27 +0100
>> >> Subject: Re: Zed Attack Proxy
>> >> Hi Paulo, GPC,
>> >>
>> >> Thanks for getting back to me, and I hope your issues are now resolved.
>> >>
>> >> As I've explained in the 'account request' I've just submitted, my
>> >> real name is Simon Bennetts and I work for Sage (UK).
>> >> The Zed Attack Proxy is something that I'm working on in my own time.
>> >> It is approved of by my manager at Sage but at this stage we do
>> >> not want any direct connection between this project and Sage,
>> >> hence the use of this alias.
>> >> Feel free to contact me via my work email
>> >> (simon.bennetts at sage.com) or
>> >> phone number (+44 161 868 4877) for confirmation.
>> >>

>> >> The initial information you requested:
>> >> (0) Project Name: OWASP Zed Attack Proxy (ZAP)
>> >> (1) Project purpose / overview:
>> >>
>> >> Provide an easy to use integrated penetration testing tool for testing
>> >> web applications.
>> >> It is designed to be used by people with a wide range of security
>> >> experience and as such is ideal for developers and functional testers
>> >> who are new to penetration testing.
>> >> It is not intended to compete with tools aimed at professional
>> >> penetration testers such as OWASP WebScarab or the Burp Suite.
>> >>
>> >> (2) Project Roadmap (as mentioned above):
>> >>
>> >> In the near term, we are focused on the following tactical goals...
>> >>   1. Improving the passive and active automated scanners
>> >>   2. Improving the Spider
>> >>   3. Adding a basic port scanner
>> >>   4. Adding brute force capabilities (hopefully based on DirBuster)
>> >>   5. Internationalization
>> >>   6. OWASP rebranding, moving the homepage to the OWASP wiki
>> >>   7. Encouraging as much active involvement as possible!
>> >>
>> >> In the medium term, we are focused on the following tactical goals...
>> >>   1. Adding the capability to provide security regression tests
>> >>   2. Adding fuzzing capabilities (hopefully based on JBroFuzz)
>> >>
>> >> Regarding integration with other projects like DirBuster and JBroFuzz
>> >> - I want to stress that I don't want ZAP to be a bloated superset
>> >> of a load of other projects.
>> >> I'd like it to be an integrated tool that provides all of the
>> >> basic functionality required to pen test a web app.
>> >> So I'd like to reuse existing projects to provide a basic core set of
>> >> easy to use functionality, as opposed to the full set of functionality
>> >> the other projects provide.
>> >> Full credit will of course be given and I'd be very happy to
>> >> provide ability to invoke the 'full' stand alone products,
>> >> initialised with the relevant context.
>> >> I've recently emailed the DirBuster and JBroFuzz project leaders
>> >> but have yet to hear back from them.
>> >>
>> >> (3) Project links (if any) to external sites: http://code.google.com/p/zaproxy/
>> >> (4) Project License: Apache License 2.0
>> >> (5) Project Leader name: Psiinon
>> >> (6) Project Leader email address: psiinon at gmail.com
>> >> (7) Project Leader wiki account: Psiinon (pending approval)
>> >> (8) Project Maintainer (if any): None at this stage
>> >>

>> >> Fyi after next week I'll be on holiday for the rest of the month,
>> >> so I won't be able to make much progress with the rebranding.
>> >> However if I'm able to set up a basic project page on the OWASP
>> >> wiki before I go then I'll make an announcement on the relevant
>> >> security lists.
>> >>
>> >> Note that ZAP 1.0.0 is currently available for download from
>> >> http://code.google.com/p/zaproxy/downloads/list and is available
>> >> in Windows, Mac OS and Unix/Linux variants.
>> >>
>> >> Many thanks,
>> >>
>> >> Simon Bennetts
>> >>

>> >> On Thu, Sep 30, 2010 at 8:16 PM, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
>> >>> Hello Psiinon,
>> >>>
>> >>> Clearly I owe you both an apology and a clear explanation for my delayed
>> >>> answer. The truth is that a sequence of not deferrable personal issues has
>> >>> kept me out of work for a considerable period of time and consequently I
>> >>> have accumulated tasks and haven't been able to seasonably deal with my
>> >>> OWASP duties. I sincerely apologise and will try to set up this project as
>> >>> soon as possible.
>> >>>
>> >>> Second, regarding your new leadership of this project, I'd like to request
>> >>> that you send a project roadmap - basically the high level details of where
>> >>> you'd like to take the project.  The OWASP Global Projects Committee (GPC)
>> >>> will look at both the project as it currently is and at the roadmap and will
>> >>> provide feedback:  suggesting projects which are closely related, resources
>> >>> and contacts which may assist your efforts and any other suggestions to
>> >>> increase your project's success.
>> >>>
>> >>> To get your project started, here are a couple of references for your
>> >>> review:
>> >>>

>> >>>  - The Guidelines for OWASP Projects provide a quick overview of items key
>> >>> to a project's success -
>> >>> http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects,
>> >>>
>> >>>  - OWASP's Assessment Criteria is the metric by which projects
>> >>> are evaluated.  There are three categories for projects: Alpha, Beta, and
>> >>> Release.  The Assessment Criteria allows project leaders to know what
>> >>> aspects of projects OWASP values -
>> >>> http://www.owasp.org/index.php/Category:OWASP_Project_Assessment,
>> >>>
>> >>>  - OWASP's GPC blog - http://globalprojectscommittee.wordpress.com/,
>> >>>

>> >>> Your project will have an OWASP wiki page to inform and promote your project
>> >>> to the OWASP community.  To set up your project's page, please provide the
>> >>> details below so that the GPC can establish your initial project page.  The
>> >>> details provided will be used to complete OWASP's project template.  Feel
>> >>> free to add any additional information to the wiki page or request assistance
>> >>> about how to add to your project's wiki page.
>> >>>
>> >>> Details to create your project page:
>> >>> (0) Project Name,
>> >>> (1) Project purpose / overview,
>> >>> (2) Project Roadmap (as mentioned above),
>> >>> (3) Project links (if any) to external sites,
>> >>> (4) Project License
>> >>> (http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing),
>> >>> (5) Project Leader name,
>> >>> (6) Project Leader email address,
>> >>> (7) Project Leader wiki account - the username (you'll need this to edit the
>> >>> wiki - http://www.owasp.org/index.php/Tutorial),
>> >>> (8) Project Maintainer (if any)  - name, email and wiki account (if any),
>> >>>

>> >>> As your project reaches a point that you'd like OWASP to assist in its
>> >>> promotion, the GPC will need the following to help spread the word about
>> >>> your project:
>> >>>
>> >>>  * Conference style presentation describing the project in at least 3 slides -
>> >>> http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/
>> >>>
>> >>>  * Project Flyer/Pamphlet (PDF file) -
>> >>> http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/
>> >>>
>> >>> As work on your project progresses and you are ready to create a release,
>> >>> please let the GPC know of the change in status.  The GPC can work with you
>> >>> to get your project assessed and moved up the OWASP quality ladder from
>> >>> Alpha to Beta to Stable.  Every release does not require an assessment -
>> >>> feel free to email the GPC if you are unsure about your project's
>> >>> requirements.  For examples of projects at various quality levels, please
>> >>> see the OWASP Project page -
>> >>> http://www.owasp.org/index.php/Category:OWASP_Project
>> >>>
>> >>> That is all for now - I wish you and your project great success. Thank you
>> >>> for supporting OWASP's mission.
>> >>>
>> >>> Should you have any questions or require any further information, please do
>> >>> not hesitate to contact me.
>> >>>
>> >>> Many thanks, best regards,
>> >>>
>> >>> Paulo Coimbra,
>> >>> OWASP Project Manager
>> >>>

>> >>> From: psiinon [mailto:psiinon at gmail.com]
>> >>> Sent: Wednesday, 8 September 2010 13:12
>> >>> To: paulo.coimbra at owasp.org
>> >>> Subject: Zed Attack Proxy
>> >>>
>> >>> Hi Paulo,
>> >>>
>> >>> I've just released the Zed Attack Proxy - http://code.google.com/p/zaproxy/
>> >>> It's a fork of Paros and is explicitly aimed at developers and functional
>> >>> testers, i.e. people who are not security experts.
>> >>>
>> >>> Do you think this could be a suitable OWASP project?
>> >>>
>> >>> I realise that there is some crossover with Web Scarab, but I see that as an
>> >>> expert's tool, so hopefully there will be less overlap.
>> >>>
>> >>> Many thanks,
>> >>>
>> >>> Psiinon


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ZAP_OWASP_Logo_1.pdf
Type: application/pdf
Size: 213210 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20101022/787a4605/attachment-0002.pdf>

