[Owasp-leaders] ZAP as a Service

Eoin Keary eoin.keary at owasp.org
Fri May 29 08:28:18 UTC 2015


If you use angular the backend can be 100% API based which reduced the work and also open up a rich API for headless mode.

Eoin Keary
BCC Risk Advisory - edgescan CTO
Gartner "notable vendor" MSSP MQ



> On 29 May 2015, at 08:45, The Black Labrador <mike.goodwin at owasp.org> wrote:
> 
> Angular 2 is a worry. All the signs are that migration from v1 is not going to be a high priority for them. Mobile first, then larger firm factors then migration...maybe.
> 
> Angular is great, but they will lose a lot of trust and users in my opinion.
> 
> Mike
> From: Dinis Cruz
> Sent: ‎28/‎05/‎2015 17:17
> To: Jim Manico
> Cc: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] ZAP as a Service
> 
> yeah Angular is great (we're using that too), it's a bit weird what is going on with angular 2.0, which opens up the game to other frameworks like React.js
> 
> And from a security point of view, as Jim mentioned Angular has a really good security story
> 
> Dinis
> 
>> On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org> wrote:
>> I personally recommend Angular templates. This is quickly becoming the defacto-standard for XSS resistant templating. It's one of the only popular context-aware auto-escaping templates, it has a built-in HTML sanitizer, and it offers an integrated CSP module.
>> 
>> If you have a greenfield project choice - go angular. Just make sure your developers are using the HTML sanitizer anytime they disable escaping for a certain field.
>> 
>> Aloha,
>> Jim
>> 
>> 
>> 
>> 
>> 
>>> On 5/28/15 4:38 PM, Dinis Cruz wrote:
>>> Let me (or Michael Hidalgo from OWASP in Costa Rica) know If you want a NodeJS front-end that runs with Jade Templates (with no or minimal Javascript) 
>>> 
>>> That is what we spend our days coding in :)
>>> 
>>> Dinis
>>> 
>>>> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:
>>>> We certainly dont want to hand-craft a load of JS and cope with all of the different browser variations ;)
>>>> So yes, I expect we'll be using a JS framework.
>>>> I've started investigating them, but its early days - this is one we'll definitely be discussing on the ZAP Developer Group.
>>>> 
>>>> Cheers,
>>>> 
>>>> Simon
>>>> 
>>>>> On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>>>> Hi Simon
>>>>> 
>>>>> 
>>>>> You mentioned you will use HTML5 , are you planning to use this in combination with any JavaScript frameworks or the use of JSP could be implemented?
>>>>> 
>>>>> regards
>>>>> 
>>>>> Johanna
>>>>> 
>>>>> On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:
>>>>>> Leaders,
>>>>>> 
>>>>>> Last week at Amsterdam I announced a new direction for ZAP - ZAP as a Service (ZaaS).
>>>>>> I've just published a blog post which gives a few more details: http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>>>>> 
>>>>>> I think this is a major development for ZAP, which is why I've posted to this list ;)
>>>>>> 
>>>>>> Cheers,
>>>>>> 
>>>>>> Simon
>>>>>> 
>>>>>> -- 
>>>>>> OWASP ZAP Project leader
>>>>>> 
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> OWASP ZAP Project leader
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150529/c2d38024/attachment-0001.html>


More information about the OWASP-Leaders mailing list