[Owasp-leaders] Secure Code Warrior Ltd

johanna curiel curiel johanna.curiel at owasp.org
Wed Jul 13 14:55:13 UTC 2016


>>I agree we must push OWASP project,docs, etc.

+Azzeddine

Our chapter meetings should focus on promoting what we produce and not
vendor products, now if we charge them and the audience is clear what they
will get into... (a sales pitch) then I think is a win-win situation, for
the chapters to get sponsors and fund activities and the vendor to make his
marketing

There ain't not such a thing as a free lunch
<https://en.wikipedia.org/wiki/There_ain%27t_no_such_thing_as_a_free_lunch>

On Wed, Jul 13, 2016 at 10:46 AM, Azzeddine Ramrami <
azzeddine.ramrami at owasp.org> wrote:

> In all my talks and my professional projects I push ZAP because it is
> better or equivalent to Burp Pro (depending on the options).
>
> I agree we must push OWASP project,docs, etc.
> Azzeddine
>
> On Wed, Jul 13, 2016 at 4:42 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> >>I agree but if the attendees during the talk ask questions about
>> commercial or free and limited commercial products we must be able to
>> answer.
>> So we must knew the competion and there offers.
>>
>> Answering related questions regarding commercial products, I would always
>> begin a sentence "in my opinion..."
>>
>> I might find Burp better that ZAP at reporting, but referring to it
>> during chapter presentation could be seen as endorsement .
>>
>> I would say in that case
>>
>> I"n my opinion and base on my experience , I like Burp pro versions
>> reporting module and thats the reason I used it instead of ZAP..bla bla.."
>>
>> But I don't feel like an authority to provide accurate answers about
>> vendors based on my opinion and experience and I will make sure the
>> audience is clear on this if they ask questions regarding comparison
>> between products
>>
>> Thats is not our mission peeps and I would avoid any talks that compares
>> products where you need to provide our opinion. In the end is your opinion.
>>
>> ... coming back to the Security Warrior question raised by Mike, I would
>> say , that I think is OK as long as they don't talk how to do things with
>> their platform, otherwise, we might start charging these kind of marketing
>> sneaky pitches ;-)
>>
>>
>> On Wed, Jul 13, 2016 at 10:25 AM, Azzeddine Ramrami <
>> azzeddine.ramrami at owasp.org> wrote:
>>
>>> I agree but if the attendees during the talk ask questions about
>>> commercial or free and limited commercial products we must be able to
>>> answer.
>>> So we must knew the competion and there offers.
>>>
>>> Azzeddine
>>>
>>> On Wed, Jul 13, 2016 at 4:16 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> >>There is no open source version of Burp - this seems to be a common
>>>> misconception. There is a _free_ version of Burp, but the source code is
>>>> NOT available and therefore it is not open source.
>>>>
>>>> Simon, thx for clarifying.
>>>>
>>>> In that case Burp should be banned ;-P
>>>>
>>>> Only ZAP allowed (hey, we must encourage our 'products'  not the
>>>> competitors, ehh... I mean our Open source projects) :D
>>>>
>>>> On Wed, Jul 13, 2016 at 9:43 AM, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>>
>>>>> On Wed, Jul 13, 2016 at 3:35 PM, johanna curiel curiel <
>>>>> johanna.curiel at owasp.org> wrote:
>>>>>
>>>>>> Now example, burp has 2 licenses.Imagine burp wants to give a demo,
>>>>>> I'm with it as long as it focuses on a security subject and they use the
>>>>>> open source version (not fair to present 'how to do things' with the pro
>>>>>> one which costs USD300 a year)
>>>>>>
>>>>>
>>>>> There is no open source version of Burp - this seems to be a common
>>>>> misconception.
>>>>> There is a _free_ version of Burp, but the source code is NOT
>>>>> available and therefore it is not open source.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>> --
>>> Azzeddine RAMRAMI
>>> +33 6 65 48 90 04.
>>> Enterprise Security Architect
>>> OWASP Leader (Morocco Chapter)
>>> Mozilla Security Projects Mentor
>>>
>>
>>
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>
>
> --
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
> Mozilla Security Projects Mentor
>



-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160713/740bb776/attachment-0001.html>


More information about the OWASP-Leaders mailing list