[Owasp-leaders] ZAP as a Service

Jerry Hoff jerry at owasp.org
Tue Jun 2 21:07:31 UTC 2015


Hi Jan,

Thank you for sending out this link - definitely a great resource. 

Jerry

--
Jerry Hoff
jerry at owasp.com
@jerryhoff
> On Jun 2, 2015, at 16:58, "jan.kopecky at owasp.org" <jan.kopecky at owasp.org> wrote:
> 
> Hello all,
> 
> I believe most of you already know this, but just to be sure:
> 
> https://code.google.com/p/mustache-security/
> 
> Mario is responsible for this one. Very interesting reading when dealing with any JS MVC Framework.
> 
> Thank you,
> 
> Jan
> 
> Sent from Surface Pro
> 
> From: Jim Manico
> Sent: ‎Saturday‎, ‎May‎ ‎30‎, ‎2015 ‎5‎:‎54‎ ‎AM
> To: Matt Tesauro, Eoin Keary
> Cc: owasp-leaders at lists.owasp.org
> 
> Whoa!
> 
> > Assuming you will do a REST API, I'd strongly suggest you shoot for level 2 or ideally level 3 that Fowler writes about at:
> http://martinfowler.com/articles/richardsonMaturityModel.html
> 
> What a great REST resource. It's very helpful in terms of education. Thanks for passing this along, Matt.
> 
> Looking to seeing ZaaS go live. :)
> 
> Aloha,
> Jim
> 
> 
> 
> 
> On 5/29/15 12:28 PM, Matt Tesauro wrote:
> > the backend can be 100% API based
> 
> Which is awesome for those of us who want to automate and completely skip the UI.
> 
> Assuming you will do a REST API, I'd strongly suggest you shoot for level 2 or ideally level 3 that Fowler writes about at:
> http://martinfowler.com/articles/richardsonMaturityModel.html
> 
> It will make your (and your users) interaction with the API much nicer from a programming perspective.
> 
> Keep up the stellar ZAP work! 
> 
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
> 
>> On Fri, May 29, 2015 at 3:28 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> If you use angular the backend can be 100% API based which reduced the work and also open up a rich API for headless mode.
>> 
>> Eoin Keary
>> BCC Risk Advisory - edgescan CTO
>> Gartner "notable vendor" MSSP MQ
>> 
>> 
>> 
>> On 29 May 2015, at 08:45, The Black Labrador <mike.goodwin at owasp.org> wrote:
>> 
>> Angular 2 is a worry. All the signs are that migration from v1 is not going to be a high priority for them. Mobile first, then larger firm factors then migration...maybe.
>> 
>> Angular is great, but they will lose a lot of trust and users in my opinion.
>> 
>> Mike
>> From: Dinis Cruz
>> Sent: ‎28/‎05/‎2015 17:17
>> To: Jim Manico
>> Cc: owasp-leaders at lists.owasp.org
>> Subject: Re: [Owasp-leaders] ZAP as a Service
>> 
>> yeah Angular is great (we're using that too), it's a bit weird what is going on with angular 2.0, which opens up the game to other frameworks like React.js
>> 
>> And from a security point of view, as Jim mentioned Angular has a really good security story
>> 
>> Dinis
>> 
>>> On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org> wrote:
>>> I personally recommend Angular templates. This is quickly becoming the defacto-standard for XSS resistant templating. It's one of the only popular context-aware auto-escaping templates, it has a built-in HTML sanitizer, and it offers an integrated CSP module.
>>> 
>>> If you have a greenfield project choice - go angular. Just make sure your developers are using the HTML sanitizer anytime they disable escaping for a certain field.
>>> 
>>> Aloha,
>>> Jim
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On 5/28/15 4:38 PM, Dinis Cruz wrote:
>>> Let me (or Michael Hidalgo from OWASP in Costa Rica) know If you want a NodeJS front-end that runs with Jade Templates (with no or minimal Javascript) 
>>> 
>>> That is what we spend our days coding in :)
>>> 
>>> Dinis
>>> 
>>>> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:
>>>> We certainly dont want to hand-craft a load of JS and cope with all of the different browser variations ;)
>>>> So yes, I expect we'll be using a JS framework.
>>>> I've started investigating them, but its early days - this is one we'll definitely be discussing on the ZAP Developer Group.
>>>> 
>>>> Cheers,
>>>> 
>>>> Simon
>>>> 
>>>>> On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>>>> Hi Simon
>>>>> 
>>>>> 
>>>>> You mentioned you will use HTML5 , are you planning to use this in combination with any JavaScript frameworks or the use of JSP could be implemented?
>>>>> 
>>>>> regards
>>>>> 
>>>>> Johanna
>>>>> 
>>>>> On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>> Leaders,
>>>>>> 
>>>>>> Last week at Amsterdam I announced a new direction for ZAP - ZAP as a Service (ZaaS).
>>>>>> I've just published a blog post which gives a few more details: http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>>>>> 
>>>>>> I think this is a major development for ZAP, which is why I've posted to this list ;)
>>>>>> 
>>>>>> Cheers,
>>>>>> 
>>>>>> Simon
>>>>>> 
>>>>>> -- 
>>>>>> OWASP ZAP Project leader
>>>>>> 
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> OWASP ZAP Project leader
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150602/ebc48099/attachment-0001.html>


More information about the OWASP-Leaders mailing list