[Owasp-leaders] Are we helping Hackers or helping Application security?
Christo
christo.goosen at owasp.org
Fri May 27 07:47:53 UTC 2016
+1 on this opinion.
We can't snub tools like ZAP if we don't have an arsenal of defense
tools rivaling ZAP's popularity.
If OWASP loses the ZAP project, it loses a lot of potential traffic and
credibility.
CG
On Friday 27 May 2016 06:37 AM, Timo Goosen wrote:
> "
> ZAP on one side, with a quality and level of development that is
> competing with the commercial tools like Burp, but on the other side,
> to balance the equation, what are we actually doing to improve
> defense? What kind of defender projects does OWASP have to compete with what
> ZAP is doing?"
> Maybe if the Spanish police ran ZAP against their own websites then
> this would have never happened.
> Also this guy probably also used a browser and a terminal. I don't
> think that makes browsers and terminals bad or evil tools.
>
> Also he had strong political motive. In my country for example the
> police massacred 44 people in 2012 in broad daylight
> see https://en.wikipedia.org/wiki/Marikana_killings
> so I can understand the point he is trying to make even though I might
> not agree with it.
>
> Regards.
> Timo
>
>
> On Wed, May 25, 2016 at 10:37 AM, Azzeddine Ramrami
> <azzeddine.ramrami at owasp.org> wrote:
>
> +1
>
> On Wed, May 25, 2016 at 10:29 AM, Achim <achim at owasp.org> wrote:
>
> On 25.05.2016 03:19, johanna curiel curiel wrote:
> ...
> >
> > For those who have not seen the video highly recommended
> >
> > https://tune.pk/video/6528544/hack
>
> ...
>
> Hmm, looking at the video, I'd say that the subject of this thread is
> off-topic, at least the complaint about the relation with ZAP.
> All the malicious hacks are done using sqlmap and some backdoor shells.
> ZAP is only used to copy some data (cookie and POST data) which could be
> done easily with browser add-ons too, just to name a few: web developer,
> firebug, firehttp, live http header, and many more ...
>
> So the blame should go to mozilla and the add-on developers too. Does it?
> Or bash bash, kali, mysql, nc, vim, ...
>
> Said this, the discussion in general is ok, but not blaming ZAP for the
> case shown in the video.
>
> Time to calm down, OWASP and its tools are ok ;-)
>
> Ciao
> Achim
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> --
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> Enterprise Security Architect
> OWASP Leader (Morocco Chapter)
> Mozilla Security Projects Mentor
>
--
Christo Goosen
OWASP Cape Town Chapter Leader
OWASP Foundation
https://www.owasp.org