[Owasp-leaders] Secure Code Warrior Ltd

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Wed Jul 13 14:46:49 UTC 2016


In all my talks and my professional projects I push ZAP because it is
better or equivalent to Burp Pro (depending on the options).

I agree we must push OWASP project,docs, etc.
Azzeddine

On Wed, Jul 13, 2016 at 4:42 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> >>I agree but if the attendees during the talk ask questions about
> commercial or free and limited commercial products we must be able to
> answer.
> So we must knew the competion and there offers.
>
> Answering related questions regarding commercial products, I would always
> begin a sentence "in my opinion..."
>
> I might find Burp better that ZAP at reporting, but referring to it during
> chapter presentation could be seen as endorsement .
>
> I would say in that case
>
> I"n my opinion and base on my experience , I like Burp pro versions
> reporting module and thats the reason I used it instead of ZAP..bla bla.."
>
> But I don't feel like an authority to provide accurate answers about
> vendors based on my opinion and experience and I will make sure the
> audience is clear on this if they ask questions regarding comparison
> between products
>
> Thats is not our mission peeps and I would avoid any talks that compares
> products where you need to provide our opinion. In the end is your opinion.
>
> ... coming back to the Security Warrior question raised by Mike, I would
> say , that I think is OK as long as they don't talk how to do things with
> their platform, otherwise, we might start charging these kind of marketing
> sneaky pitches ;-)
>
>
> On Wed, Jul 13, 2016 at 10:25 AM, Azzeddine Ramrami <
> azzeddine.ramrami at owasp.org> wrote:
>
>> I agree but if the attendees during the talk ask questions about
>> commercial or free and limited commercial products we must be able to
>> answer.
>> So we must knew the competion and there offers.
>>
>> Azzeddine
>>
>> On Wed, Jul 13, 2016 at 4:16 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> >>There is no open source version of Burp - this seems to be a common
>>> misconception. There is a _free_ version of Burp, but the source code is
>>> NOT available and therefore it is not open source.
>>>
>>> Simon, thx for clarifying.
>>>
>>> In that case Burp should be banned ;-P
>>>
>>> Only ZAP allowed (hey, we must encourage our 'products'  not the
>>> competitors, ehh... I mean our Open source projects) :D
>>>
>>> On Wed, Jul 13, 2016 at 9:43 AM, psiinon <psiinon at gmail.com> wrote:
>>>
>>>>
>>>> On Wed, Jul 13, 2016 at 3:35 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> Now example, burp has 2 licenses.Imagine burp wants to give a demo,
>>>>> I'm with it as long as it focuses on a security subject and they use the
>>>>> open source version (not fair to present 'how to do things' with the pro
>>>>> one which costs USD300 a year)
>>>>>
>>>>
>>>> There is no open source version of Burp - this seems to be a common
>>>> misconception.
>>>> There is a _free_ version of Burp, but the source code is NOT available
>>>> and therefore it is not open source.
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>
>>>
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Azzeddine RAMRAMI
>> +33 6 65 48 90 04.
>> Enterprise Security Architect
>> OWASP Leader (Morocco Chapter)
>> Mozilla Security Projects Mentor
>>
>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>



-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
Enterprise Security Architect
OWASP Leader (Morocco Chapter)
Mozilla Security Projects Mentor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160713/dd93effa/attachment.html>


More information about the OWASP-Leaders mailing list