<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    +1 on this opinion.<br>
    <br>
    We can't snub tools like ZAP if we don't have an arsenal of defense
    tools rivaling ZAP's popularity.<br>
    <br>
    If OWASP loses the ZAP project, it loses a lot of potential traffic
    and credibility. <br>
    <br>
    CG<br>
    <br>
    <div class="moz-cite-prefix">On Friday 27 May 2016 06:37 AM, Timo
      Goosen wrote:<br>
    </div>
    <blockquote
cite="mid:CAMOWqYBabVUWtZo3GwJtu_pRHoeehAMT-fhm3WKv-yzHDz_7KQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">"<br class="">
        <span
style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:12.8px">ZAP
          on one side , with a quality and level of development that is
          competing with the commercial tools like Burp, but on the
          other side, to balance the equation, what are we actually
          doing to improve defense? What kind of defender projects does
          OWASP has to compete what ZAP is doing?"</span>
        <div><span
style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:12.8px">Maybe
            if the Spanish police ran ZAP against their own websites
            then this would have never happened.</span></div>
        <div><span
style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:12.8px">Also
            this guy probably also used a browser and a terminal. I
            don't think that makes browsers and terminals bad or evil
            tools. </span></div>
        <div><span
style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:12.8px"><br>
          </span></div>
        <div><font color="#000000" face="arial, helvetica, sans-serif"><span
              style="font-size:12.8px">Also he had strong political
              motive. In my country for example the police massacred 44
              people in 2012 in broad day light see <a
                moz-do-not-send="true"
                href="https://en.wikipedia.org/wiki/Marikana_killings"><a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/Marikana_killings">https://en.wikipedia.org/wiki/Marikana_killings</a></a></span></font></div>
        <div><font color="#000000" face="arial, helvetica, sans-serif"><span
              style="font-size:12.8px">so I can understand the point he
              is trying to make even though I might not agree with it.</span></font></div>
        <div><font color="#000000" face="arial, helvetica, sans-serif"><span
              style="font-size:12.8px"><br>
            </span></font></div>
        <div><font color="#000000" face="arial, helvetica, sans-serif"><span
              style="font-size:12.8px">Regards.</span></font></div>
        <div><font color="#000000" face="arial, helvetica, sans-serif"><span
              style="font-size:12.8px">Timo</span></font></div>
        <div><span
style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:12.8px"><br>
          </span></div>
        <pre style="font-family:monospace,Courier;padding:1em;border:1px solid rgb(221,221,221);color:black;line-height:1.3em;font-size:14px;background-color:rgb(249,249,249)">
</pre>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, May 25, 2016 at 10:37 AM,
          Azzeddine Ramrami <span dir="ltr"><<a
              moz-do-not-send="true"
              href="mailto:azzeddine.ramrami@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:azzeddine.ramrami@owasp.org">azzeddine.ramrami@owasp.org</a></a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">+1<br>
            </div>
            <div class="gmail_extra">
              <div>
                <div class="h5"><br>
                  <div class="gmail_quote">On Wed, May 25, 2016 at 10:29
                    AM, Achim <span dir="ltr"><<a
                        moz-do-not-send="true"
                        href="mailto:achim@owasp.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:achim@owasp.org">achim@owasp.org</a></a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">On
                      <a moz-do-not-send="true"
                        href="tel:25.05.2016%2003" value="+12505201603"
                        target="_blank">25.05.2016 03</a>:19, johanna
                      curiel curiel wrote:<br>
                      ...<br>
                      <span>><br>
                        > For those who have not seen the video
                        highly recommended<br>
                        ><br>
                        > <a moz-do-not-send="true"
                          href="https://tune.pk/video/6528544/hack"
                          rel="noreferrer" target="_blank">https://tune.pk/video/6528544/hack</a><br>
                        <br>
                      </span>...<br>
                      <br>
                      Hmm, looking at the video, I'd say that the
                      subject of this thread is<br>
                      off-topic, at least the complain about the
                      realation with ZAP.<br>
                      All the malicious hacks are done using sqlmap and
                      some backdoor shells.<br>
                      ZAP is only used to copy some data (cookie and
                      POST data) which could be<br>
                      done easily with browser add-ons too, just to name
                      a few: web developer,<br>
                      firebug, firehttp, live http header, and many more
                      ...<br>
                      <br>
                      So the blame should go to mozilla and the add-on
                      deveopers too. Does it?<br>
                      Or bash bash, kali, mysql, nc, vim, ...<br>
                      <br>
                      Said this, the discussion in general is ok, but
                      not blaming ZAP for the<br>
                      case shown in the video.<br>
                      <br>
                      Time to calm down, OWASP and its tools are ok ;-)<br>
                      <br>
                      Ciao<br>
                      <span><font color="#888888">Achim<br>
                        </font></span>
                      <div>
                        <div><br>
_______________________________________________<br>
                          OWASP-Leaders mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:OWASP-Leaders@lists.owasp.org"
                            target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                          <a moz-do-not-send="true"
                            href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
                            rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <br>
                </div>
              </div>
              <span class="HOEnZb"><font color="#888888">-- <br>
                  <div>
                    <div dir="ltr">
                      <div>Azzeddine RAMRAMI<br>
                        <a moz-do-not-send="true"
                          href="tel:%2B33%206%2065%2048%2090%2004"
                          value="+33665489004" target="_blank">+33 6 65
                          48 90 04</a>.<br>
                        Enterprise Security Architect<br>
                        OWASP Leader (Morocco Chapter)<br>
                      </div>
                      Mozilla Security Projects Mentor<br>
                    </div>
                  </div>
                </font></span></div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.owasp.org/mailman/listinfo/owasp-leaders"
              rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
    <div class="moz-signature">-- <br>
      <meta http-equiv="content-type" content="text/html;
        charset=windows-1252">
      <br>
      <div class="moz-signature"> <br>
        <meta http-equiv="content-type" content="text/html;
          charset=windows-1252">
        <title></title>
        <img alt="owasp-cpt-logo"
          title="https://www.owasp.org/index.php/Cape_Town"
          src="cid:part11.01050708.07040004@owasp.org" height="109"
          width="338"><br>
        <pre class="moz-signature" cols="72"> 
Christo Goosen
OWASP Cape Town Chapter Leader
OWASP Foundation
<a class="moz-txt-link-freetext" href="https://www.owasp.org">https://www.owasp.org</a></pre>
      </div>
    </div>
  </body>
</html>