[Owasp-leaders] ZAP as a Service

Fri May 29 07:45:53 UTC 2015

Angular 2 is a worry. All the signs are that migration from v1 is not going to be a high priority for them. Mobile first, then larger firm factors then migration...maybe.

Angular is great, but they will lose a lot of trust and users in my opinion.

Mike

-----Original Message-----
From: "Dinis Cruz" <dinis.cruz at owasp.org>
Sent: ‎28/‎05/‎2015 17:17
To: "Jim Manico" <jim.manico at owasp.org>
Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] ZAP as a Service

yeah Angular is great (we're using that too), it's a bit weird what is going on with angular 2.0, which opens up the game to other frameworks like React.js

And from a security point of view, as Jim mentioned Angular has a really good security story

Dinis

On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org> wrote:

I personally recommend Angular templates. This is quickly becoming the defacto-standard for XSS resistant templating. It's one of the only popular context-aware auto-escaping templates, it has a built-in HTML sanitizer, and it offers an integrated CSP module.

If you have a greenfield project choice - go angular. Just make sure your developers are using the HTML sanitizer anytime they disable escaping for a certain field.

Aloha,
Jim

On 5/28/15 4:38 PM, Dinis Cruz wrote:

Let me (or Michael Hidalgo from OWASP in Costa Rica) know If you want a NodeJS front-end that runs with Jade Templates (with no or minimal Javascript)  

That is what we spend our days coding in :)

Dinis

On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:

We certainly dont want to hand-craft a load of JS and cope with all of the different browser variations ;)

So yes, I expect we'll be using a JS framework.

I've started investigating them, but its early days - this is one we'll definitely be discussing on the ZAP Developer Group.

Cheers,

Simon

On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:

Hi Simon 

You mentioned you will use HTML5 , are you planning to use this in combination with any JavaScript frameworks or the use of JSP could be implemented?

regards

Johanna

On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:

Leaders,

Last week at Amsterdam I announced a new direction for ZAP - ZAP as a Service (ZaaS).

I've just published a blog post which gives a few more details: http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html

I think this is a major development for ZAP, which is why I've posted to this list ;)

Cheers,

Simon

-- 

OWASP ZAP Project leader

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

-- 

OWASP ZAP Project leader

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150529/8dbb896b/attachment.html>