[Owasp-leaders] How to increase ZAP takeup?

Tony Turner tony.turner at owasp.org
Thu Sep 11 17:17:52 UTC 2014


Getting ZAP included in popular pentest and security testing courses such
as what SANS delivers would be very beneficial. People take these classes
using Burp Free, and then go back to work and buy Pro and keep using it.
Why would they switch to ZAP when they are already getting what they need
from Burp? We need to either get ZAP in front of people just learning the
tools or provide sufficient justification for people to switch from what
they are already doing.



On Thu, Sep 11, 2014 at 1:06 PM, psiinon <psiinon at gmail.com> wrote:

> We have a REST API and clients written in Java, Python, Node.js, PHP and
> Ruby: https://code.google.com/p/zaproxy/wiki/ApiDetails :)
>
> We also support all JSR 223 languages (including Jython) via the ZAP Script
> Console <https://code.google.com/p/zaproxy/wiki/HelpAddonsScriptsScripts>.
>
> Any questions about using them then let me know or ask on the ZAP
> Developer group <http://groups.google.com/group/zaproxy-develop>.
>
> Cheers,
>
> Simon
>
> On Thu, Sep 11, 2014 at 5:42 PM, Mario Robles <mario.robles at owasp.org>
> wrote:
>
>>  I would be very exited about having a possibility of writing python
>> tools that can work with ZAP using some kind of integration API (sorry if
>> this already exists and if so I'd like to know more about it)
>>
>> I'm a WPT tools writer and I like to work with python (I'm sure many here
>> do the same) so I think this is a good opportunity for ZAP
>>
>> Back to the main question, here's my answer: if ZAP become friendly with
>> the frameworks most of Pentesters use then ZAP will be loved by many of them
>>
>> Mario
>>
>>
>>
>>    On 11/09/2014 06:33 a.m., psiinon wrote:
>>
>>  I'd also like to point out that I specifically asked what people
>> thought would be the best way to increase ZAP usage NOT what would cause
>> _you_ to use ZAP :)
>>  Do you really think that dropping java and porting to Python would
>> increase ZAP takeup? ;)
>>
>> On Thu, Sep 11, 2014 at 1:16 PM, psiinon <psiinon at gmail.com> wrote:
>>
>>> You're right, its not viable :)
>>>
>>> On Thu, Sep 11, 2014 at 1:11 PM, <abbas.naderi at owasp.org> wrote:
>>>
>>>> Personally the major reason I don’t like these tools is that they are
>>>> Java based, and Java based apps are ugly and slow on OS X. If I led the
>>>> project, I’d port to python or something else, but I know thats a very
>>>> expensive decision and probably not viable.
>>>> -A
>>>>
>>>>  On Sep 11, 2014, at 7:50 AM, Andrew Muller <andrew.muller at owasp.org>
>>>> wrote:
>>>>
>>>>  A subtle advertising campaign could work
>>>>
>>>> <pharoah bender endorses ZAP.jpg>
>>>>
>>>>>>>>
>>>> On Thu, Sep 11, 2014 at 8:59 PM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>>     Leaders,
>>>>>
>>>>>  As you hopefully know, ZAP is one of the most successful of all of
>>>>> the OWASP projects.
>>>>>
>>>>>  However I want to significantly increase its takeup, and for that I'd
>>>>> like your advice and guidance.
>>>>>
>>>>>  *What do you think are the top 3 (or more) things we could do
>>>>> increase ZAP usage?*
>>>>>
>>>>>  I'm not just asking about new features or technical changes (but
>>>>> please include those if you think they are important), but also
>>>>> advertizing, online presence, documentation, tutorial videos, conference
>>>>> talks, fluffy toys etc etc.
>>>>> Anything that you think will get more developers and security folk
>>>>> using ZAP.
>>>>>
>>>>>  I was going to start a poll, but I decided I didnt want to restrict
>>>>> or unduly influence your replies, so please "think out of the box" and
>>>>> other such cliches ;)
>>>>>
>>>>>  Feel free to reply on this thread or directly to me.
>>>>>
>>>>>  Many thanks,
>>>>>
>>>>>  Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>   ____________________
>>>>  *Andrew Muller*
>>>>  Canberra OWASP Chapter Leader
>>>>  OWASP Testing Guide Co-Leader
>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
tony.turner at owasp.org
https://www.owasp.org/index.php/Orlando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140911/009a83a4/attachment-0001.html>


More information about the OWASP-Leaders mailing list