[Owasp-testing] Testing Guide : Tools sections

psiinon psiinon at gmail.com
Sun Aug 4 13:59:30 UTC 2013


I'm planning on going through the guide adding ZAP to the relevant tools
sections, and will try and add other tools that I know are definitely
relevant .

Is there a preferred format?

There seem to be verious formats used for similar tools, eg:

   - Web Proxy (*Burp Suite*[6] <http://portswigger.net>,
*Paros*[7]<http://www.parosproxy.org/index.shtml>,
   *WebScarab*[8] <http://www.owasp.org/index.php/OWASP_WebScarab_Project>)
   - OWASP WebScarab:
OWASP_WebScarab_Project<https://www.owasp.org/index.php/OWASP_WebScarab_Project>
   - WebScarab Spider
   http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

I was thinking of adding a small amount of info to indicate which
components of ZAP are relevant, but nothing that would exceed one line, eg:

   - OWASP ZAP: OWASP Zed Attack Proxy
Project<https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>-
Active scanner and fuzzer

That OK?
Should tools be listed in any sort of order, eg alphabetical? Or OWASP ones
first?
Should only free open source tools be included or are commercial tools
acceptable?

Cheers,

Simon

-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20130804/9ba748f7/attachment.html>


More information about the Owasp-testing mailing list