[Owasp-leaders] How to increase ZAP takeup?

psiinon psiinon at gmail.com
Mon Sep 15 15:20:06 UTC 2014


The courses I know which include ZAP are listed here:
https://code.google.com/p/zaproxy/wiki/TrainingCourses and that includes
SANS 542.
If anyone knows of any other course that they thing _should_ use ZAP then
please let me know and I'll try and convince them :)

On Thu, Sep 11, 2014 at 6:17 PM, Tony Turner <tony.turner at owasp.org> wrote:

> Getting ZAP included in popular pentest and security testing courses such
> as what SANS delivers would be very beneficial. People take these classes
> using Burp Free, and then go back to work and buy Pro and keep using it.
> Why would they switch to ZAP when they are already getting what they need
> from Burp? We need to either get ZAP in front of people just learning the
> tools or provide sufficient justification for people to switch from what
> they are already doing.
>
>
>
> On Thu, Sep 11, 2014 at 1:06 PM, psiinon <psiinon at gmail.com> wrote:
>
>> We have a REST API and clients written in Java, Python, Node.js, PHP and
>> Ruby: https://code.google.com/p/zaproxy/wiki/ApiDetails :)
>>
>> We also support all JSR 223 languages (including Jython) via the ZAP Script
>> Console <https://code.google.com/p/zaproxy/wiki/HelpAddonsScriptsScripts>
>> .
>>
>> Any questions about using them then let me know or ask on the ZAP
>> Developer group <http://groups.google.com/group/zaproxy-develop>.
>>
>> Cheers,
>>
>> Simon
>>
>> On Thu, Sep 11, 2014 at 5:42 PM, Mario Robles <mario.robles at owasp.org>
>> wrote:
>>
>>>  I would be very exited about having a possibility of writing python
>>> tools that can work with ZAP using some kind of integration API (sorry if
>>> this already exists and if so I'd like to know more about it)
>>>
>>> I'm a WPT tools writer and I like to work with python (I'm sure many
>>> here do the same) so I think this is a good opportunity for ZAP
>>>
>>> Back to the main question, here's my answer: if ZAP become friendly with
>>> the frameworks most of Pentesters use then ZAP will be loved by many of them
>>>
>>> Mario
>>>
>>>
>>>
>>>    On 11/09/2014 06:33 a.m., psiinon wrote:
>>>
>>>  I'd also like to point out that I specifically asked what people
>>> thought would be the best way to increase ZAP usage NOT what would cause
>>> _you_ to use ZAP :)
>>>  Do you really think that dropping java and porting to Python would
>>> increase ZAP takeup? ;)
>>>
>>> On Thu, Sep 11, 2014 at 1:16 PM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> You're right, its not viable :)
>>>>
>>>> On Thu, Sep 11, 2014 at 1:11 PM, <abbas.naderi at owasp.org> wrote:
>>>>
>>>>> Personally the major reason I don’t like these tools is that they are
>>>>> Java based, and Java based apps are ugly and slow on OS X. If I led the
>>>>> project, I’d port to python or something else, but I know thats a very
>>>>> expensive decision and probably not viable.
>>>>> -A
>>>>>
>>>>>  On Sep 11, 2014, at 7:50 AM, Andrew Muller <andrew.muller at owasp.org>
>>>>> wrote:
>>>>>
>>>>>  A subtle advertising campaign could work
>>>>>
>>>>> <pharoah bender endorses ZAP.jpg>
>>>>>
>>>>>>>>>>
>>>>> On Thu, Sep 11, 2014 at 8:59 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>
>>>>>>     Leaders,
>>>>>>
>>>>>>  As you hopefully know, ZAP is one of the most successful of all of
>>>>>> the OWASP projects.
>>>>>>
>>>>>>  However I want to significantly increase its takeup, and for that
>>>>>> I'd like your advice and guidance.
>>>>>>
>>>>>>  *What do you think are the top 3 (or more) things we could do
>>>>>> increase ZAP usage?*
>>>>>>
>>>>>>  I'm not just asking about new features or technical changes (but
>>>>>> please include those if you think they are important), but also
>>>>>> advertizing, online presence, documentation, tutorial videos, conference
>>>>>> talks, fluffy toys etc etc.
>>>>>> Anything that you think will get more developers and security folk
>>>>>> using ZAP.
>>>>>>
>>>>>>  I was going to start a poll, but I decided I didnt want to restrict
>>>>>> or unduly influence your replies, so please "think out of the box" and
>>>>>> other such cliches ;)
>>>>>>
>>>>>>  Feel free to reply on this thread or directly to me.
>>>>>>
>>>>>>  Many thanks,
>>>>>>
>>>>>>  Simon
>>>>>>
>>>>>> --
>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>   ____________________
>>>>>  *Andrew Muller*
>>>>>  Canberra OWASP Chapter Leader
>>>>>  OWASP Testing Guide Co-Leader
>>>>>  _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Tony Turner
> OWASP Orlando Chapter Founder/Co-Leader
> tony.turner at owasp.org
> https://www.owasp.org/index.php/Orlando
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140915/31451d8e/attachment-0001.html>


More information about the OWASP-Leaders mailing list