[Owasp-leaders] ZAP as a Service

Jim Manico jim.manico at owasp.org
Fri May 29 19:30:23 UTC 2015


Is the worry political or technical? I mean, are they reducing XSS 
defense effectiveness?

- Jim


On 5/29/15 9:45 AM, The Black Labrador wrote:
> Angular 2 is a worry. All the signs are that migration from v1 is not 
> going to be a high priority for them. Mobile first, then larger form 
> factors then migration...maybe.
>
> Angular is great, but they will lose a lot of trust and users in my 
> opinion.
>
> Mike
> ------------------------------------------------------------------------
> From: Dinis Cruz <mailto:dinis.cruz at owasp.org>
> Sent: 28/05/2015 17:17
> To: Jim Manico <mailto:jim.manico at owasp.org>
> Cc: owasp-leaders at lists.owasp.org <mailto:owasp-leaders at lists.owasp.org>
> Subject: Re: [Owasp-leaders] ZAP as a Service
>
> yeah Angular is great (we're using that too), it's a bit weird what is 
> going on with Angular 2.0, which opens up the game to other frameworks 
> like React.js
>
> And from a security point of view, as Jim mentioned Angular has a 
> really good security story
>
> Dinis
>
> On 28 May 2015 at 16:27, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     I personally recommend Angular templates. This is quickly becoming
>     the de facto standard for XSS-resistant templating. It's one of the
>     only popular context-aware auto-escaping templates, it has a
>     built-in HTML sanitizer, and it offers an integrated CSP module.
>
>     If you have a greenfield project choice - go Angular. Just make
>     sure your developers are using the HTML sanitizer anytime they
>     disable escaping for a certain field.
>
>     Aloha,
>     Jim
>
>
>
>
>
>     On 5/28/15 4:38 PM, Dinis Cruz wrote:
>>     Let me (or Michael Hidalgo from OWASP in Costa Rica) know if you
>>     want a NodeJS front-end that runs with Jade Templates (with no or
>>     minimal JavaScript)
>>
>>     That is what we spend our days coding in :)
>>
>>     Dinis
>>
>>     On 28 May 2015 at 13:40, psiinon <psiinon at gmail.com
>>     <mailto:psiinon at gmail.com>> wrote:
>>
>>         We certainly don't want to hand-craft a load of JS and cope
>>         with all of the different browser variations ;)
>>         So yes, I expect we'll be using a JS framework.
>>         I've started investigating them, but it's early days - this is
>>         one we'll definitely be discussing on the ZAP Developer Group.
>>
>>         Cheers,
>>
>>         Simon
>>
>>         On Thu, May 28, 2015 at 1:36 PM, johanna curiel curiel
>>         <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>>
>>         wrote:
>>
>>             Hi Simon
>>
>>
>>             You mentioned you will use HTML5, are you planning to
>>             use this in combination with any JavaScript frameworks or
>>             the use of JSP could be implemented?
>>
>>             regards
>>
>>             Johanna
>>
>>             On Thu, May 28, 2015 at 7:23 AM, psiinon
>>             <psiinon at gmail.com <mailto:psiinon at gmail.com>> wrote:
>>
>>                 Leaders,
>>
>>                 Last week at Amsterdam I announced a new direction
>>                 for ZAP - ZAP as a Service (ZaaS).
>>                 I've just published a blog post which gives a few
>>                 more details:
>>                 http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html
>>
>>                 I think this is a major development for ZAP, which is
>>                 why I've posted to this list ;)
>>
>>                 Cheers,
>>
>>                 Simon
>>
>>                 -- 
>>                 OWASP ZAP <https://www.owasp.org/index.php/ZAP>
>>                 Project leader
>>
>>                 _______________________________________________
>>                 OWASP-Leaders mailing list
>>                 OWASP-Leaders at lists.owasp.org
>>                 <mailto:OWASP-Leaders at lists.owasp.org>
>>                 https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>>
>>         -- 
>>         OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>
