[Owasp-leaders] ZAP as a Service

psiinon psiinon at gmail.com
Thu May 28 15:38:09 UTC 2015


I was going to have this discussion on the ZAP Dev Group, but I'm also very
interested to here the opinions of the members of this list :)

Angular is definitely on my list to look closely at, as is React.js

Any other suggestions, either to look at or avoid?

Many thanks,

Simon

On Thu, May 28, 2015 at 4:27 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  I personally recommend Angular templates. This is quickly becoming the
> defacto-standard for XSS resistant templating. It's one of the only popular
> context-aware auto-escaping templates, it has a built-in HTML sanitizer,
> and it offers an integrated CSP module.
>
> If you have a greenfield project choice - go angular. Just make sure your
> developers are using the HTML sanitizer anytime they disable escaping for a
> certain field.
>
> Aloha,
> Jim
>
>
>
>
>
> On 5/28/15 4:38 PM, Dinis Cruz wrote:
>
> Let me (or Michael Hidalgo from OWASP in Costa Rica) know If you want a
> NodeJS front-end that runs with Jade Templates (with no or minimal
> Javascript)
>
>  That is what we spend our days coding in :)
>
>  Dinis
>
> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:
>
>>   We certainly dont want to hand-craft a load of JS and cope with all of
>> the different browser variations ;)
>>  So yes, I expect we'll be using a JS framework.
>>  I've started investigating them, but its early days - this is one we'll
>> definitely be discussing on the ZAP Developer Group.
>>
>>  Cheers,
>>
>>  Simon
>>
>> On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Simon
>>>
>>>
>>>  You mentioned you will use HTML5 , are you planning to use this in
>>> combination with any JavaScript frameworks or the use of JSP could be
>>> implemented?
>>>
>>>  regards
>>>
>>>  Johanna
>>>
>>>  On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>>    Leaders,
>>>>
>>>> Last week at Amsterdam I announced a new direction for ZAP - ZAP as a
>>>> Service (ZaaS).
>>>>  I've just published a blog post which gives a few more details:
>>>> http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>>>
>>>>  I think this is a major development for ZAP, which is why I've posted
>>>> to this list ;)
>>>>
>>>>  Cheers,
>>>>
>>>>  Simon
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150528/f8e72eac/attachment.html>


More information about the OWASP-Leaders mailing list