[Owasp-leaders] How to increase ZAP takeup?

Gary Robinson gary.robinson at owasp.org
Thu Sep 11 13:36:34 UTC 2014


Hi Simon,

I'll throw out 3 (non-language related) suggestions:

1) Paid advertising - do OWASP projects ever take a portion of their budget
and advertise on relevant sites?

2) Facilitating demos at chapters - you can't fly to every chapter and
demo, but could there be some turnkey demo setup that each chapter leader
could spend 20 minutes showing their audience?  I'm thinking some demo web
site (with flaws) on their laptop, and a 1 page doc that'll allow the
chapter leader to install ZAP, point it to the demo server, and show a few
flaws/bugs being found?  You probably already have something like this.

3) I'm realizing in our Code Review Guide (due out end of this year) we
have mentions of pen testing (pros & cons vs code review) but we could add
more detail and describe the types of things ZAP (and other tools) would
find that code review won't.  If you could help us create this content
that'd be great.

Gary

On Thu, Sep 11, 2014 at 1:39 PM, Justin Klein Keane <justin at madirish.net>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Although I think language bashing is a little simplistic, the
> criticisms of aesthetics and performance could be accurate and
> probably should be taken to heart.  Many folks find the native Java UI
> elements pretty bad so perhaps exploring a different rendering UI
> might be worthwhile.
>
> Evangelism is probably one of the biggest things I can think of to
> promote an open source project.  Appearances on podcasts, articles in
> popular media outlets for the profession, videos on YouTube, books,
> etc., all improve the visibility of a project and the attention will
> likely be cumulative.
>
> Although I really liked the hack-a-thon at last year's OWASP AppSec
> USA, having more developers might not actually be good for a project.
> Rather, having more users with more feature requests, bug reports,
> etc. could be a big boon for the project.
>
> Finally, although I love ZAP I've found that a lot of its new features
> can be a little overwhelming for a novice user and have a tendency to
> hide the most basic use cases.  I think this is perhaps a user
> experience issue and perhaps the project has reached the maturity
> where a proper UX consultation might be in order.
>
> Cheers,
>
> Justin C. Klein Keane
> http://www.MadIrish.net
>
> The digital signature on this e-mail may be verified using
> the public key at http://www.madirish.net/gpgkey
>
> On 9/11/14, 8:31 AM, psiinon wrote:
> > About 11% of last week's 2.3.1 downloads were for Macs:
> > http://sourceforge.net/projects/zaproxy/files/2.3.1/ :)
> >
> > On Thu, Sep 11, 2014 at 1:24 PM, (P7N) Jason Johnson
> > <jason.johnson at p7n.net> wrote:
> >
> > Mac users use ZAP? I'm kidding.
> >
> >
> >
> > On September 11, 2014 7:11:18 AM CDT, abbas.naderi at owasp.org
> > wrote:
> >
> > Personally the major reason I don’t like these tools is that they
> > are Java based, and Java based apps are ugly and slow on OS X. If I
> > led the project, I’d port to python or something else, but I know
> > that's a very expensive decision and probably not viable. -A
> >
> >> On Sep 11, 2014, at 7:50 AM, Andrew Muller
> >> <andrew.muller at owasp.org> wrote:
> >>
> >> A subtle advertising campaign could work
> >>
> >> <pharoah bender endorses ZAP.jpg>
> >>
> >>
> >> On Thu, Sep 11, 2014 at 8:59 PM, psiinon <psiinon at gmail.com>
> >> wrote:
> >>
> >> Leaders,
> >>
> >> As you hopefully know, ZAP is one of the most successful of all
> >> of the OWASP projects.
> >>
> >> However I want to significantly increase its takeup, and for that
> >> I'd like your advice and guidance.
> >>
> >> *What do you think are the top 3 (or more) things we could do
> >> to increase ZAP usage?*
> >>
> >> I'm not just asking about new features or technical changes (but
> >> please include those if you think they are important), but also
> >> advertizing, online presence, documentation, tutorial videos,
> >> conference talks, fluffy toys etc etc. Anything that you think
> >> will get more developers and security folk using ZAP.
> >>
> >> I was going to start a poll, but I decided I didn't want to
> >> restrict or unduly influence your replies, so please "think out
> >> of the box" and other such cliches ;)
> >>
> >> Feel free to reply on this thread or directly to me.
> >>
> >> Many thanks,
> >>
> >> Simon
> >>
> >> -- OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project
> >> leader
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >>
> >>
> >> --
> >> ____________________
> >> *Andrew Muller*
> >> Canberra OWASP Chapter Leader
> >> OWASP Testing Guide Co-Leader
> >
> > Jason Johnson
> > cell: 405-875-4413
> > ProjectSeven Networks™
> >
> > 💻because data is beautiful...
> >
> > 🌲please do not print this email.
> >
> > -- OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> >