[Owasp-leaders] How to increase ZAP takeup?

Bill Sempf bill.sempf at owasp.org
Thu Sep 11 12:33:38 UTC 2014

I've been doing a lot of work recently as an application vulnerability
tester, and there are two kinds of clients out there. There are those that
simply expect you to use burp and those who don't care what you use as long
as your results are good. So we have two targets.

To change clients that expect testers to use Burp:
 - Any chance the 'save state' file can be made Burp compatible?
 - I agree with whomever said reporting
 - Video series of solving tough testing problems with ZAP?
 - These are people that WOULD be swayed with conference booths and plushies

To convince testers to use ZAP when the client doesn't care
 - even more work on the scanner. Burp's scanner is good.
 - Wizards to walk noobs through core functionality
 - I think the fuzzing tool is too hard to use but that might just be me
 - Content discovery. Maybe ZAP already has that and I just didn't know.

One perspective from one side of the biz, but there you go.


On Thu, Sep 11, 2014 at 8:22 AM, (P7N) Jason Johnson <jason.johnson at p7n.net>

> What about reporting? Everyone loves a report of some kind. I think is has
> a bit of a reporting built in. There are lots of reporting engines like
> birt and adding a reply maker to it would be sweet. What do you think?
> On September 11, 2014 7:16:21 AM CDT, psiinon <psiinon at gmail.com> wrote:
>> You're right, its not viable :)
>> On Thu, Sep 11, 2014 at 1:11 PM, <abbas.naderi at owasp.org> wrote:
>>> Personally the major reason I don’t like these tools is that they are
>>> Java based, and Java based apps are ugly and slow on OS X. If I led the
>>> project, I’d port to python or something else, but I know thats a very
>>> expensive decision and probably not viable.
>>> -A
>>> On Sep 11, 2014, at 7:50 AM, Andrew Muller <andrew.muller at owasp.org>
>>> wrote:
>>> A subtle advertising campaign could work
>>> <pharoah bender endorses ZAP.jpg>
>>> On Thu, Sep 11, 2014 at 8:59 PM, psiinon <psiinon at gmail.com> wrote:
>>>> Leaders,
>>>> As you hopefully know, ZAP is one of the most successful of all of the
>>>> OWASP projects.
>>>> However I want to significantly increase its takeup, and for that I'd
>>>> like your advice and guidance.
>>>> *What do you think are the top 3 (or more) things we could do increase
>>>> ZAP usage?*
>>>> I'm not just asking about new features or technical changes (but please
>>>> include those if you think they are important), but also advertizing,
>>>> online presence, documentation, tutorial videos, conference talks, fluffy
>>>> toys etc etc.
>>>> Anything that you think will get more developers and security folk
>>>> using ZAP.
>>>> I was going to start a poll, but I decided I didnt want to restrict or
>>>> unduly influence your replies, so please "think out of the box" and other
>>>> such cliches ;)
>>>> Feel free to reply on this thread or directly to me.
>>>> Many thanks,
>>>> Simon
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> --
>>> ____________________
>>> *Andrew Muller*
>>> Canberra OWASP Chapter Leader
>>> OWASP Testing Guide Co-Leader
>>>  _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> Jason Johnson
> cell: 405-875-4413
> ProjectSeven Networks™
> ___
> 💻because data is beautiful...
> 🌲please do not print this email.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140911/07a71bea/attachment-0001.html>

More information about the OWASP-Leaders mailing list