[Owasp-leaders] Scanning nextgen / modern web apps

psiinon psiinon at gmail.com
Thu Jan 12 15:34:30 UTC 2017


Björn has proposed
<https://github.com/OWASP/owasp-summit-2017/pull/40/files> a workshop on
"NextGen Security Scanners" for the OWASP Summit - to quote him:

Today's security scanners were built for yesterday's web applications,
based on server-side rendering concepts. They often fail or at least lack
functionality when it comes to modern web applications using rich
Javascript clients.

I think he's absolutely right, but I dont want to wait until June ;)

So who would like to join a discussion around this now?

Please reply directly to me (rather than the whole list) if you just want
to say "me too" :)

I was thinking of just creating a Google Group for the discussions (so we
dont spam the leaders list), but feel free to propose alternative
approaches. The proposed Summit workshop can build on these discussions but
I'm expecting many people wont be able to make that.

Obviously I'm thinking about ZAP, but this is not a ZAP specific discussion
- it could apply to any existing or future scanners. Maybe we could even
develop some components that could be reused by all scanners?



OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170112/69e20cf0/attachment.html>

More information about the OWASP-Leaders mailing list