[Owasp-leaders] Are we helping Hackers or helping Application security?

Christo christo.goosen at owasp.org
Fri May 27 07:47:53 UTC 2016


+1 on this opinion.

We can't snub tools like ZAP if we don't have an arsenal of defense
tools rivaling ZAP's popularity.

If OWASP loses the ZAP project, it loses a lot of potential traffic and
credibility.

CG

On Friday 27 May 2016 06:37 AM, Timo Goosen wrote:
> "
> ZAP on one side, with a quality and level of development that is
> competing with the commercial tools like Burp, but on the other side,
> to balance the equation, what are we actually doing to improve
> defense? What kind of defender projects does OWASP have to compete with what
> ZAP is doing?"
> Maybe if the Spanish police ran ZAP against their own websites then
> this would have never happened.
> Also this guy probably also used a browser and a terminal. I don't
> think that makes browsers and terminals bad or evil tools. 
>
> Also he had strong political motive. In my country for example the
> police massacred 44 people in 2012 in broad daylight
> see https://en.wikipedia.org/wiki/Marikana_killings
> so I can understand the point he is trying to make even though I might
> not agree with it.
>
> Regards.
> Timo
>
>
> On Wed, May 25, 2016 at 10:37 AM, Azzeddine Ramrami
> <azzeddine.ramrami at owasp.org> wrote:
>
>     +1
>
>     On Wed, May 25, 2016 at 10:29 AM, Achim <achim at owasp.org> wrote:
>
>         On 25.05.2016 03:19, johanna curiel curiel wrote:
>         ...
>         >
>         > For those who have not seen the video highly recommended
>         >
>         > https://tune.pk/video/6528544/hack
>
>         ...
>
>         Hmm, looking at the video, I'd say that the subject of this
>         thread is off-topic, at least the complaint about the relation
>         with ZAP. All the malicious hacks are done using sqlmap and some
>         backdoor shells. ZAP is only used to copy some data (cookie and
>         POST data) which could be done easily with browser add-ons too,
>         just to name a few: web developer, firebug, firehttp, live http
>         header, and many more ...
>
>         So the blame should go to mozilla and the add-on developers
>         too. Does it?
>         Or bash bash, kali, mysql, nc, vim, ...
>
>         Said this, the discussion in general is ok, but not blaming
>         ZAP for the case shown in the video.
>
>         Time to calm down, OWASP and its tools are ok ;-)
>
>         Ciao
>         Achim
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>     -- 
>     Azzeddine RAMRAMI
>     +33 6 65 48 90 04
>     Enterprise Security Architect
>     OWASP Leader (Morocco Chapter)
>     Mozilla Security Projects Mentor
>

-- 


Christo Goosen
OWASP Cape Town Chapter Leader
OWASP Foundation
https://www.owasp.org
