[Owasp-leaders] Are we helping Hackers or helping Application security?

Timo Goosen timo.goosen at owasp.org
Fri May 27 04:37:10 UTC 2016


"ZAP on one side, with a quality and level of development that is competing
with the commercial tools like Burp, but on the other side, to balance the
equation, what are we actually doing to improve defense? What kind of
defender projects does OWASP have to compete with what ZAP is doing?"
Maybe if the Spanish police ran ZAP against their own websites then this
would have never happened.
Also this guy probably also used a browser and a terminal. I don't think
that makes browsers and terminals bad or evil tools.

Also he had a strong political motive. In my country, for example, the
police massacred 44 people in 2012 in broad daylight, see
https://en.wikipedia.org/wiki/Marikana_killings
so I can understand the point he is trying to make even though I might not
agree with it.

Regards.
Timo



On Wed, May 25, 2016 at 10:37 AM, Azzeddine Ramrami <
azzeddine.ramrami at owasp.org> wrote:

> +1
>
> On Wed, May 25, 2016 at 10:29 AM, Achim <achim at owasp.org> wrote:
>
>> On 25.05.2016 03:19, johanna curiel curiel wrote:
>> ...
>> >
>> > For those who have not seen the video highly recommended
>> >
>> > https://tune.pk/video/6528544/hack
>>
>> ...
>>
>> Hmm, looking at the video, I'd say that the subject of this thread is
>> off-topic, at least the complaint about the relation with ZAP.
>> All the malicious hacks are done using sqlmap and some backdoor shells.
>> ZAP is only used to copy some data (cookie and POST data) which could be
>> done easily with browser add-ons too, just to name a few: web developer,
>> firebug, firehttp, live http header, and many more ...
>>
>> So the blame should go to Mozilla and the add-on developers too. Does it?
>> Or bash bash, kali, mysql, nc, vim, ...
>>
>> Said this, the discussion in general is ok, but not blaming ZAP for the
>> case shown in the video.
>>
>> Time to calm down, OWASP and its tools are ok ;-)
>>
>> Ciao
>> Achim
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
>
> --
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
> Mozilla Security Projects Mentor
>