[Owasp-leaders] ZAP as a Service

Dinis Cruz dinis.cruz at owasp.org
Thu May 28 16:15:33 UTC 2015


yeah Angular is great (we're using that too), it's a bit weird what is
going on with angular 2.0, which opens up the game to other frameworks like
React.js

And from a security point of view, as Jim mentioned Angular has a really
good security story

Dinis

On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org> wrote:

>  I personally recommend Angular templates. This is quickly becoming the
> defacto-standard for XSS resistant templating. It's one of the only popular
> context-aware auto-escaping templates, it has a built-in HTML sanitizer,
> and it offers an integrated CSP module.
>
> If you have a greenfield project choice - go angular. Just make sure your
> developers are using the HTML sanitizer anytime they disable escaping for a
> certain field.
>
> Aloha,
> Jim
>
>
>
>
>
> On 5/28/15 4:38 PM, Dinis Cruz wrote:
>
> Let me (or Michael Hidalgo from OWASP in Costa Rica) know If you want a
> NodeJS front-end that runs with Jade Templates (with no or minimal
> Javascript)
>
>  That is what we spend our days coding in :)
>
>  Dinis
>
> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:
>
>>   We certainly dont want to hand-craft a load of JS and cope with all of
>> the different browser variations ;)
>>  So yes, I expect we'll be using a JS framework.
>>  I've started investigating them, but its early days - this is one we'll
>> definitely be discussing on the ZAP Developer Group.
>>
>>  Cheers,
>>
>>  Simon
>>
>> On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Simon
>>>
>>>
>>>  You mentioned you will use HTML5 , are you planning to use this in
>>> combination with any JavaScript frameworks or the use of JSP could be
>>> implemented?
>>>
>>>  regards
>>>
>>>  Johanna
>>>
>>>  On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>>    Leaders,
>>>>
>>>> Last week at Amsterdam I announced a new direction for ZAP - ZAP as a
>>>> Service (ZaaS).
>>>>  I've just published a blog post which gives a few more details:
>>>> http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>>>
>>>>  I think this is a major development for ZAP, which is why I've posted
>>>> to this list ;)
>>>>
>>>>  Cheers,
>>>>
>>>>  Simon
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150528/59ec5996/attachment.html>


More information about the OWASP-Leaders mailing list