[Owasp-leaders] ZAP as a Service

Matt Tesauro matt.tesauro at owasp.org
Fri May 29 19:28:25 UTC 2015


> the backend can be 100% API based

Which is awesome for those of us who want to automate and completely skip
the UI.

Assuming you will do a REST API, I'd strongly suggest you shoot for level 2
or ideally level 3 that Fowler writes about at:
http://martinfowler.com/articles/richardsonMaturityModel.html

It will make your (and your users') interaction with the API much nicer from
a programming perspective.

Keep up the stellar ZAP work!

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project

On Fri, May 29, 2015 at 3:28 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

> If you use angular the backend can be 100% API based which reduces the
> work and also opens up a rich API for headless mode.
>
> Eoin Keary
> BCC Risk Advisory - edgescan CTO
> Gartner "notable vendor" MSSP MQ
>
>
>
> On 29 May 2015, at 08:45, The Black Labrador <mike.goodwin at owasp.org>
> wrote:
>
> Angular 2 is a worry. All the signs are that migration from v1 is not
> going to be a high priority for them. Mobile first, then larger form
> factors then migration...maybe.
>
> Angular is great, but they will lose a lot of trust and users in my
> opinion.
>
> Mike
> ------------------------------
> From: Dinis Cruz <dinis.cruz at owasp.org>
> Sent: 28/05/2015 17:17
> To: Jim Manico <jim.manico at owasp.org>
> Cc: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] ZAP as a Service
>
> yeah Angular is great (we're using that too), it's a bit weird what is
> going on with angular 2.0, which opens up the game to other frameworks like
> React.js
>
> And from a security point of view, as Jim mentioned Angular has a really
> good security story
>
> Dinis
>
> On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org> wrote:
>
>>  I personally recommend Angular templates. This is quickly becoming the
>> de facto standard for XSS resistant templating. It's one of the only popular
>> context-aware auto-escaping templates, it has a built-in HTML sanitizer,
>> and it offers an integrated CSP module.
>>
>> If you have a greenfield project choice - go angular. Just make sure your
>> developers are using the HTML sanitizer anytime they disable escaping for a
>> certain field.
>>
>> Aloha,
>> Jim
>>
>>
>>
>>
>>
>> On 5/28/15 4:38 PM, Dinis Cruz wrote:
>>
>> Let me (or Michael Hidalgo from OWASP in Costa Rica) know if you want a
>> NodeJS front-end that runs with Jade Templates (with no or minimal
>> JavaScript)
>>
>>  That is what we spend our days coding in :)
>>
>>  Dinis
>>
>> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:
>>
>>>   We certainly don't want to hand-craft a load of JS and cope with all
>>> of the different browser variations ;)
>>>  So yes, I expect we'll be using a JS framework.
>>>  I've started investigating them, but it's early days - this is one we'll
>>> definitely be discussing on the ZAP Developer Group.
>>>
>>>  Cheers,
>>>
>>>  Simon
>>>
>>> On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Hi Simon
>>>>
>>>>
>>>>  You mentioned you will use HTML5, are you planning to use this in
>>>> combination with any JavaScript frameworks or the use of JSP could be
>>>> implemented?
>>>>
>>>>  regards
>>>>
>>>>  Johanna
>>>>
>>>>  On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>>    Leaders,
>>>>>
>>>>> Last week at Amsterdam I announced a new direction for ZAP - ZAP as a
>>>>> Service (ZaaS).
>>>>>  I've just published a blog post which gives a few more details:
>>>>> http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>>>>
>>>>>  I think this is a major development for ZAP, which is why I've
>>>>> posted to this list ;)
>>>>>
>>>>>  Cheers,
>>>>>
>>>>>  Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>>  _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>