[Owasp-leaders] How to increase ZAP takeup?

Tony Turner tony.turner at owasp.org
Mon Sep 15 16:24:00 UTC 2014


That's great to hear. I last took 542 4 years ago so no doubt it changed
since then. I took 642 a few months ago and it was mostly Burp based. Talk
to Justin Searle, I know he's on these lists. :)
On Sep 15, 2014 11:20 AM, "psiinon" <psiinon at gmail.com> wrote:

> The courses I know which include ZAP are listed here:
> https://code.google.com/p/zaproxy/wiki/TrainingCourses and that includes
> SANS 542.
> If anyone knows of any other course that they thing _should_ use ZAP then
> please let me know and I'll try and convince them :)
>
> On Thu, Sep 11, 2014 at 6:17 PM, Tony Turner <tony.turner at owasp.org>
> wrote:
>
>> Getting ZAP included in popular pentest and security testing courses such
>> as what SANS delivers would be very beneficial. People take these classes
>> using Burp Free, and then go back to work and buy Pro and keep using it.
>> Why would they switch to ZAP when they are already getting what they need
>> from Burp? We need to either get ZAP in front of people just learning the
>> tools or provide sufficient justification for people to switch from what
>> they are already doing.
>>
>>
>>
>> On Thu, Sep 11, 2014 at 1:06 PM, psiinon <psiinon at gmail.com> wrote:
>>
>>> We have a REST API and clients written in Java, Python, Node.js, PHP and
>>> Ruby: https://code.google.com/p/zaproxy/wiki/ApiDetails :)
>>>
>>> We also support all JSR 223 languages (including Jython) via the ZAP Script
>>> Console
>>> <https://code.google.com/p/zaproxy/wiki/HelpAddonsScriptsScripts>.
>>>
>>> Any questions about using them then let me know or ask on the ZAP
>>> Developer group <http://groups.google.com/group/zaproxy-develop>.
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> On Thu, Sep 11, 2014 at 5:42 PM, Mario Robles <mario.robles at owasp.org>
>>> wrote:
>>>
>>>>  I would be very exited about having a possibility of writing python
>>>> tools that can work with ZAP using some kind of integration API (sorry if
>>>> this already exists and if so I'd like to know more about it)
>>>>
>>>> I'm a WPT tools writer and I like to work with python (I'm sure many
>>>> here do the same) so I think this is a good opportunity for ZAP
>>>>
>>>> Back to the main question, here's my answer: if ZAP become friendly
>>>> with the frameworks most of Pentesters use then ZAP will be loved by many
>>>> of them
>>>>
>>>> Mario
>>>>
>>>>
>>>>
>>>>    On 11/09/2014 06:33 a.m., psiinon wrote:
>>>>
>>>>  I'd also like to point out that I specifically asked what people
>>>> thought would be the best way to increase ZAP usage NOT what would cause
>>>> _you_ to use ZAP :)
>>>>  Do you really think that dropping java and porting to Python would
>>>> increase ZAP takeup? ;)
>>>>
>>>> On Thu, Sep 11, 2014 at 1:16 PM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> You're right, its not viable :)
>>>>>
>>>>> On Thu, Sep 11, 2014 at 1:11 PM, <abbas.naderi at owasp.org> wrote:
>>>>>
>>>>>> Personally the major reason I don’t like these tools is that they are
>>>>>> Java based, and Java based apps are ugly and slow on OS X. If I led the
>>>>>> project, I’d port to python or something else, but I know thats a very
>>>>>> expensive decision and probably not viable.
>>>>>> -A
>>>>>>
>>>>>>  On Sep 11, 2014, at 7:50 AM, Andrew Muller <andrew.muller at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>  A subtle advertising campaign could work
>>>>>>
>>>>>> <pharoah bender endorses ZAP.jpg>
>>>>>>
>>>>>>>>>>>>
>>>>>> On Thu, Sep 11, 2014 at 8:59 PM, psiinon <psiinon at gmail.com> wrote:
>>>>>>
>>>>>>>     Leaders,
>>>>>>>
>>>>>>>  As you hopefully know, ZAP is one of the most successful of all of
>>>>>>> the OWASP projects.
>>>>>>>
>>>>>>>  However I want to significantly increase its takeup, and for that
>>>>>>> I'd like your advice and guidance.
>>>>>>>
>>>>>>>  *What do you think are the top 3 (or more) things we could do
>>>>>>> increase ZAP usage?*
>>>>>>>
>>>>>>>  I'm not just asking about new features or technical changes (but
>>>>>>> please include those if you think they are important), but also
>>>>>>> advertizing, online presence, documentation, tutorial videos, conference
>>>>>>> talks, fluffy toys etc etc.
>>>>>>> Anything that you think will get more developers and security folk
>>>>>>> using ZAP.
>>>>>>>
>>>>>>>  I was going to start a poll, but I decided I didnt want to
>>>>>>> restrict or unduly influence your replies, so please "think out of the box"
>>>>>>> and other such cliches ;)
>>>>>>>
>>>>>>>  Feel free to reply on this thread or directly to me.
>>>>>>>
>>>>>>>  Many thanks,
>>>>>>>
>>>>>>>  Simon
>>>>>>>
>>>>>>> --
>>>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OWASP-Leaders mailing list
>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>   ____________________
>>>>>>  *Andrew Muller*
>>>>>>  Canberra OWASP Chapter Leader
>>>>>>  OWASP Testing Guide Co-Leader
>>>>>>  _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Tony Turner
>> OWASP Orlando Chapter Founder/Co-Leader
>> tony.turner at owasp.org
>> https://www.owasp.org/index.php/Orlando
>>
>>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140915/23f3e898/attachment-0001.html>


More information about the OWASP-Leaders mailing list