[Owasp-leaders] ZAP as a Service

Jim Manico jim.manico at owasp.org
Thu May 28 15:27:21 UTC 2015


I personally recommend Angular templates. This is quickly becoming the 
defacto-standard for XSS resistant templating. It's one of the only 
popular context-aware auto-escaping templates, it has a built-in HTML 
sanitizer, and it offers an integrated CSP module.

If you have a greenfield project choice - go angular. Just make sure 
your developers are using the HTML sanitizer anytime they disable 
escaping for a certain field.

Aloha,
Jim




On 5/28/15 4:38 PM, Dinis Cruz wrote:
> Let me (or Michael Hidalgo from OWASP in Costa Rica) know If you want 
> a NodeJS front-end that runs with Jade Templates (with no or minimal 
> Javascript)
>
> That is what we spend our days coding in :)
>
> Dinis
>
> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com 
> <mailto:psiinon at gmail.com>> wrote:
>
>     We certainly dont want to hand-craft a load of JS and cope with
>     all of the different browser variations ;)
>     So yes, I expect we'll be using a JS framework.
>     I've started investigating them, but its early days - this is one
>     we'll definitely be discussing on the ZAP Developer Group.
>
>     Cheers,
>
>     Simon
>
>     On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel
>     <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>
>         Hi Simon
>
>
>         You mentioned you will use HTML5 , are you planning to use
>         this in combination with any JavaScript frameworks or the use
>         of JSP could be implemented?
>
>         regards
>
>         Johanna
>
>         On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com
>         <mailto:psiinon at gmail.com>> wrote:
>
>             Leaders,
>
>             Last week at Amsterdam I announced a new direction for ZAP
>             - ZAP as a Service (ZaaS).
>             I've just published a blog post which gives a few more
>             details:
>             http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>
>             I think this is a major development for ZAP, which is why
>             I've posted to this list ;)
>
>             Cheers,
>
>             Simon
>
>             -- 
>             OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>             _______________________________________________
>             OWASP-Leaders mailing list
>             OWASP-Leaders at lists.owasp.org
>             <mailto:OWASP-Leaders at lists.owasp.org>
>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>
>     -- 
>     OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150528/918c7c44/attachment-0001.html>


More information about the OWASP-Leaders mailing list