<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body><div><div style="font-family: Calibri,sans-serif; font-size: 11pt;">Angular 2 is a worry. All the signs are that migration from v1 is not going to be a high priority for them. Mobile first, then larger firm factors then migration...maybe.<br><br>Angular is great, but they will lose a lot of trust and users in my opinion.<br><br>Mike</div></div><div dir="ltr"><hr><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">From: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:dinis.cruz@owasp.org">Dinis Cruz</a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Sent: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">‎28/‎05/‎2015 17:17</span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">To: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:jim.manico@owasp.org">Jim Manico</a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Cc: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:owasp-leaders@lists.owasp.org">owasp-leaders@lists.owasp.org</a></span><br><span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Subject: </span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">Re: [Owasp-leaders] ZAP as a Service</span><br><br></div><div dir="ltr">yeah Angular is great (we're using that too), it's a bit weird what is going on with angular 2.0, which opens up the game to other frameworks like React.js<div><br></div><div>And from a security point of view, as Jim mentioned Angular has a really good security story</div><div><br></div><div>Dinis</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 28 May 2015 at 16:27, Jim Manico <span dir="ltr"><<a href="mailto:jim.manico@owasp.org" target="_blank">jim.manico@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    I personally recommend Angular templates. This is quickly becoming
    the defacto-standard for XSS resistant templating. It's one of the
    only popular context-aware auto-escaping templates, it has a
    built-in HTML sanitizer, and it offers an integrated CSP module.<br>
    <br>
    If you have a greenfield project choice - go angular. Just make sure
    your developers are using the HTML sanitizer anytime they disable
    escaping for a certain field.<br>
    <br>
    Aloha,<br>
    Jim<div><div class="h5"><br>
    <br>
    <br>
    <br>
    <br>
    <div>On 5/28/15 4:38 PM, Dinis Cruz wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Let me (or Michael Hidalgo from OWASP in Costa
        Rica) know If you want a NodeJS front-end that runs with Jade
        Templates (with no or minimal Javascript) 
        <div><br>
        </div>
        <div>That is what we spend our days coding in :)</div>
        <div><br>
        </div>
        <div>Dinis</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On 28 May 2015 at 13:40, psiinon <span dir="ltr"><<a href="mailto:psiinon@gmail.com" target="_blank">psiinon@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
            <div dir="ltr">
              <div>
                <div>
                  <div>
                    <div>We certainly dont want to hand-craft a load of
                      JS and cope with all of the different browser
                      variations ;)<br>
                    </div>
                    So yes, I expect we'll be using a JS framework.<br>
                  </div>
                  I've started investigating them, but its early days -
                  this is one we'll definitely be discussing on the ZAP
                  Developer Group.<br>
                </div>
                <div><br>
                </div>
                Cheers,<br>
                <br>
              </div>
              Simon<br>
            </div>
            <div>
              <div>
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Thu, May 28, 2015 at 1:36
                    PM, johanna curiel curiel <span dir="ltr"><<a href="mailto:johanna.curiel@owasp.org" target="_blank">johanna.curiel@owasp.org</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
                      <div dir="ltr">Hi Simon
                        <div><br>
                        </div>
                        <div><br>
                        </div>
                        <div>You mentioned you will use HTML5 , are you
                          planning to use this in combination with any
                          JavaScript frameworks or the use of JSP could
                          be implemented?</div>
                        <div><br>
                        </div>
                        <div>regards</div>
                        <span><font color="#888888">
                            <div><br>
                            </div>
                            <div>Johanna</div>
                          </font></span></div>
                      <div class="gmail_extra"><br>
                        <div class="gmail_quote">
                          <div>
                            <div>On Thu, May 28, 2015 at 7:23 AM,
                              psiinon <span dir="ltr"><<a href="mailto:psiinon@gmail.com" target="_blank">psiinon@gmail.com</a>></span>
                              wrote:<br>
                            </div>
                          </div>
                          <blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
                            <div>
                              <div>
                                <div dir="ltr">
                                  <div>
                                    <div>
                                      <div>Leaders,<br>
                                      </div>
                                      <div><br>
                                        Last week at Amsterdam I
                                        announced a new direction for
                                        ZAP - ZAP as a Service (ZaaS).<br>
                                      </div>
                                      I've just published a blog post
                                      which gives a few more details: <a href="http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html" target="_blank">http://zaproxy.blogspot.no/2015/05/zap-as-service-zaas.html</a><br>
                                      <br>
                                    </div>
                                    <div>I think this is a major
                                      development for ZAP, which is why
                                      I've posted to this list ;)<br>
                                    </div>
                                    <div><br>
                                    </div>
                                    Cheers,<br>
                                    <br>
                                  </div>
                                  Simon<span><font color="#888888"><br clear="all">
                                      <div>
                                        <div>
                                          <div>
                                            <div><br>
                                              -- <br>
                                              <div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP ZAP</a>
                                                Project leader<br>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </font></span></div>
                                <br>
                              </div>
                            </div>
                            <span>_______________________________________________<br>
                              OWASP-Leaders mailing list<br>
                              <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                              <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                              <br>
                            </span></blockquote>
                        </div>
                        <br>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <br>
                  -- <br>
                  <div><a href="https://www.owasp.org/index.php/ZAP" target="_blank">OWASP ZAP</a> Project leader<br>
                  </div>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
            <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
OWASP-Leaders mailing list
<a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>
</body></html>