[Owasp-leaders] How to increase ZAP takeup?

psiinon psiinon at gmail.com
Mon Sep 15 14:24:07 UTC 2014


Thanks Bill - those are all very good points, when the target users are
professional pentesters.
I do want ZAP to appeal to a wider audience, especially students and
developers, but pentesters probably make up a significant proportion of the
current ZAP user base.

Cheers,

Simon


On Thu, Sep 11, 2014 at 1:33 PM, Bill Sempf <bill.sempf at owasp.org> wrote:

> I've been doing a lot of work recently as an application vulnerability
> tester, and there are two kinds of clients out there. There are those that
> simply expect you to use Burp and those who don't care what you use as long
> as your results are good. So we have two targets.
>
> To change clients that expect testers to use Burp:
>  - Any chance the 'save state' file can be made Burp compatible?
>  - I agree with whoever said reporting
>  - Video series of solving tough testing problems with ZAP?
>  - These are people that WOULD be swayed with conference booths and
> plushies
>
> To convince testers to use ZAP when the client doesn't care
>  - even more work on the scanner. Burp's scanner is good.
>  - Wizards to walk noobs through core functionality
>  - I think the fuzzing tool is too hard to use but that might just be me
>  - Content discovery. Maybe ZAP already has that and I just didn't know.
>
> One perspective from one side of the biz, but there you go.
>
> S
>
> On Thu, Sep 11, 2014 at 8:22 AM, (P7N) Jason Johnson <
> jason.johnson at p7n.net> wrote:
>
>> What about reporting? Everyone loves a report of some kind. I think it
>> has a bit of reporting built in. There are lots of reporting engines like
>> BIRT and adding a reply maker to it would be sweet. What do you think?
>>
>>
>> On September 11, 2014 7:16:21 AM CDT, psiinon <psiinon at gmail.com> wrote:
>>>
>>> You're right, it's not viable :)
>>>
>>> On Thu, Sep 11, 2014 at 1:11 PM, <abbas.naderi at owasp.org> wrote:
>>>
>>>> Personally the major reason I don’t like these tools is that they are
>>>> Java based, and Java based apps are ugly and slow on OS X. If I led the
>>>> project, I’d port to Python or something else, but I know that's a very
>>>> expensive decision and probably not viable.
>>>> -A
>>>>
>>>> On Sep 11, 2014, at 7:50 AM, Andrew Muller <andrew.muller at owasp.org>
>>>> wrote:
>>>>
>>>> A subtle advertising campaign could work
>>>>
>>>> <pharoah bender endorses ZAP.jpg>
>>>>
>>>>
>>>> On Thu, Sep 11, 2014 at 8:59 PM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> Leaders,
>>>>>
>>>>> As you hopefully know, ZAP is one of the most successful of all of the
>>>>> OWASP projects.
>>>>>
>>>>> However I want to significantly increase its takeup, and for that I'd
>>>>> like your advice and guidance.
>>>>>
>>>>> *What do you think are the top 3 (or more) things we could do to increase
>>>>> ZAP usage?*
>>>>>
>>>>> I'm not just asking about new features or technical changes (but
>>>>> please include those if you think they are important), but also
>>>>> advertizing, online presence, documentation, tutorial videos, conference
>>>>> talks, fluffy toys etc etc.
>>>>> Anything that you think will get more developers and security folk
>>>>> using ZAP.
>>>>>
>>>>> I was going to start a poll, but I decided I didn't want to restrict or
>>>>> unduly influence your replies, so please "think out of the box" and other
>>>>> such cliches ;)
>>>>>
>>>>> Feel free to reply on this thread or directly to me.
>>>>>
>>>>> Many thanks,
>>>>>
>>>>> Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> ____________________
>>>> *Andrew Muller*
>>>> Canberra OWASP Chapter Leader
>>>> OWASP Testing Guide Co-Leader
>>>>
>>>>
>>>>
>>>
>>>
>> Jason Johnson
>> cell: 405-875-4413
>> ProjectSeven Networks™
>> ___
>>
>> 💻because data is beautiful...
>>
>> 🌲please do not print this email.
>>
>>
>>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader