[Owasp-Recife] Fwd: [Owasp-leaders] ZAP planned features
caio.dias at owasp.org
Fri Apr 25 13:12:03 UTC 2014
Sempre bom manter atualizado.
---------- Forwarded message ----------
From: psiinon <psiinon at gmail.com>
Date: Thu, Apr 24, 2014 at 1:46 PM
Subject: [Owasp-leaders] ZAP planned features
To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>, "
owasp_project_leader_list at lists.owasp.org" <
owasp_project_leader_list at lists.owasp.org>
As you're all hopefully aware, ZAP 2.3.0 has just been released.
And as ZAP is a Flagship project and the most active OWASP tool I thought
I'd let you all know the major features that we're now working on for
If you think these are not the right lists for this sort of announcement
then feel free to flame me on or off list ;)
The main features we are working on are:
- Client side scanning, a framework for scanning all common browsers as
well as a POC DOM XSS scan rule
- Advanced fuzzing components, including the ability to scan multiple
- Advanced access control testing, including the detection or horizontal
and vertical access control issues
- SOAP Service scanning, including WSDL parsing and web service specific
- Sequence scanning, allowing ZAP to scan parameters of pages that can
only be accessed via set sequences
- Sequence detection, the automated detection of pages that can only be
accessed via set sequences
Most of these changes are being implemented by students, either as part of
Google Summer of Code 2014 or as part of their masters degrees. This is
great news and something I really want to support and encourage.
So if you're a student (or know one) who needs to work on a project as part
of your degree and fancy contributing to ZAP then please get in touch!
We dont have a date for 2.4 yet, we'll release it when its ready. The
contents may (and probably will;) vary.
If you'd like any more info about any of these enhancements them feel free
to contact me directly or head over the to ZAP Developer
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-recife