[Owasp-Recife] Fwd: [Owasp-leaders] ZAP planned features

Caio Dias caio.dias at owasp.org
Fri Apr 25 13:12:03 UTC 2014

Sempre bom manter atualizado.

---------- Forwarded message ----------
From: psiinon <psiinon at gmail.com>
Date: Thu, Apr 24, 2014 at 1:46 PM
Subject: [Owasp-leaders] ZAP planned features
To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>, "
owasp_project_leader_list at lists.owasp.org" <
owasp_project_leader_list at lists.owasp.org>

As you're all hopefully aware, ZAP 2.3.0 has just been released.

And as ZAP is a Flagship project and the most active OWASP tool I thought
I'd let you all know the major features that we're now working on for
future releases.

If you think these are not the right lists for this sort of announcement
then feel free to flame me on or off list ;)

The main features we are working on are:

   - Client side scanning, a framework for scanning all common browsers as
   well as a POC DOM XSS scan rule
   - Advanced fuzzing components, including the ability to scan multiple
   - Advanced access control testing, including the detection or horizontal
   and vertical access control issues
   - SOAP Service scanning, including WSDL parsing and web service specific
   scan rules
   - Sequence scanning, allowing ZAP to scan parameters of pages that can
   only be accessed via set sequences
   - Sequence detection, the automated detection of pages that can only be
   accessed via set sequences

Most of these changes are being implemented by students, either as part of
Google Summer of Code 2014 or as part of their masters degrees. This is
great news and something I really want to support and encourage.
So if you're a student (or know one) who needs to work on a project as part
of your degree and fancy contributing to ZAP then please get in touch!

We dont have a date for 2.4 yet, we'll release it when its ready. The
contents may (and probably will;) vary.

If you'd like any more info about any of these enhancements them feel free
to contact me directly or head over the to ZAP Developer


OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

Caio Dias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-recife/attachments/20140425/6f7ecfcd/attachment.html>

More information about the Owasp-recife mailing list