[Owasp-leaders] ZAP as a Service
Matt Tesauro
matt.tesauro at owasp.org
Fri May 29 19:28:25 UTC 2015
> the backend can be 100% API based
Which is awesome for those of us who want to automate and completely skip
the UI.
Assuming you will do a REST API, I'd strongly suggest you shoot for level 2
or ideally level 3 that Fowler writes about at:
http://martinfowler.com/articles/richardsonMaturityModel.html
It will make your (and your users') interaction with the API much nicer from
a programming perspective.
Keep up the stellar ZAP work!
--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
On Fri, May 29, 2015 at 3:28 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
> If you use Angular the backend can be 100% API based which reduces the
> work and also opens up a rich API for headless mode.
>
> Eoin Keary
> BCC Risk Advisory - edgescan CTO
> Gartner "notable vendor" MSSP MQ
>
>
>
> On 29 May 2015, at 08:45, The Black Labrador <mike.goodwin at owasp.org>
> wrote:
>
> Angular 2 is a worry. All the signs are that migration from v1 is not
> going to be a high priority for them. Mobile first, then larger form
> factors then migration...maybe.
>
> Angular is great, but they will lose a lot of trust and users in my
> opinion.
>
> Mike
> ------------------------------
> From: Dinis Cruz <dinis.cruz at owasp.org>
> Sent: 28/05/2015 17:17
> To: Jim Manico <jim.manico at owasp.org>
> Cc: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] ZAP as a Service
>
> yeah Angular is great (we're using that too), it's a bit weird what is
> going on with angular 2.0, which opens up the game to other frameworks like
> React.js
>
> And from a security point of view, as Jim mentioned Angular has a really
> good security story
>
> Dinis
>
> On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org> wrote:
>
>> I personally recommend Angular templates. This is quickly becoming the
>> de facto standard for XSS resistant templating. It's one of the only popular
>> context-aware auto-escaping templates, it has a built-in HTML sanitizer,
>> and it offers an integrated CSP module.
>>
>> If you have a greenfield project choice - go angular. Just make sure your
>> developers are using the HTML sanitizer anytime they disable escaping for a
>> certain field.
>>
>> Aloha,
>> Jim
>>
>>
>>
>>
>>
>> On 5/28/15 4:38 PM, Dinis Cruz wrote:
>>
>> Let me (or Michael Hidalgo from OWASP in Costa Rica) know if you want a
>> NodeJS front-end that runs with Jade Templates (with no or minimal
>> JavaScript)
>>
>> That is what we spend our days coding in :)
>>
>> Dinis
>>
>> On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com> wrote:
>>
>>> We certainly don't want to hand-craft a load of JS and cope with all
>>> of the different browser variations ;)
>>> So yes, I expect we'll be using a JS framework.
>>> I've started investigating them, but it's early days - this is one we'll
>>> definitely be discussing on the ZAP Developer Group.
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Hi Simon
>>>>
>>>>
>>>> You mentioned you will use HTML5, are you planning to use this in
>>>> combination with any JavaScript frameworks or the use of JSP could be
>>>> implemented?
>>>>
>>>> regards
>>>>
>>>> Johanna
>>>>
>>>> On Thu, May 28, 2015 at 7:23 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> Leaders,
>>>>>
>>>>> Last week at Amsterdam I announced a new direction for ZAP - ZAP as a
>>>>> Service (ZaaS).
>>>>> I've just published a blog post which gives a few more details:
>>>>> http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>>>>
>>>>> I think this is a major development for ZAP, which is why I've
>>>>> posted to this list ;)
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>
>>