[Owasp-testing] Flagship Project Status

Brad Causey bradcausey at gmail.com
Mon Jun 9 07:44:02 UTC 2014


I've used Paros a good bit.

I'm an end user. *shrug*

-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

--
"Si vis pacem, para bellum"
--


On Sat, Jun 7, 2014 at 6:59 PM, Christian Heinrich <christian.heinrich at cmlh.id.au> wrote:

> Simon,
>
> No offence but I have to correct your record.
>
> You promoted ZAP to OWASP as a web proxy intended for developers and
> not webappsec professionals and your subsequent development has
> focused on features for the webappsec end user.  For comparison
> purposes http://www.charlesproxy.com/ development has continued to
> focus on web application developers.
>
> I would assume that Paros had no end users and that its developer(s)
> either didn't respond or refused to accept your patches (I am not sure
> of the exact background) because they no longer wanted to maintain
> Paros.  Furthermore, a majority of WebScarab end users were
> transiting to http://portswigger.net/burp/ which has a modest fee to
> support its development.
>
> Paros has the worst UI I have ever seen and ZAP has not improved on the
> UI after I tried it based on the recommendation of "The Testicles"
> i.e. https://twitter.com/search?f=realtime&q=sergicles%20ZAP&src=typd
>
> Your promotion of ZAP on mailing lists not hosted by OWASP makes it
> appear to the public that WebScarab is no longer being developed and is
> therefore devalued.
>
> Both you and Michael (OWASP Chair) work[ed] at Mozilla and this is a
> conflict of interest.  Also, Paul Theriault (Mozilla) wanted to present
> ZAP during the very unsuccessful relaunch of the OWASP Sydney,
> Australia Chapter, of which he is also one of the [chapter] leaders.
>
> Those are the facts as I understand them, please let me know if I am
> incorrect?
>
> On Sat, Jun 7, 2014 at 7:34 PM, psiinon <psiinon at gmail.com> wrote:
> > On the contrary, I was very aware of WebScarab and its importance to OWASP
> > at the time - I half expected my application for ZAP to become an OWASP
> > project to be rejected due to the clear overlap with WebScarab.
> > I wanted to create a powerful but easy to use security tool for developers,
> > and I seriously considered using WebScarab as the basis for that tool.
> > However while WebScarab had much more of the functionality that I wanted
> > than Paros did, I found WebScarab very complicated and unintuitive.
> > I decided that I would rather add functionality to Paros than try to make
> > WebScarab easier to use, and I've not regretted that decision :)
> >
> > I do agree that OWASP has not been very effective at promoting any of its
> > projects, including ZAP.
> > However I'm not going to point fingers at any individuals.
> > OWASP is primarily a volunteer organization, and it's up to all of us to
> > address issues that we are concerned with.
> > While I think OWASP could do a better job of promoting all of its projects I
> > don't have any big ideas how that could be achieved - marketing is not my
> > area of expertise ;)
> > I don't like criticizing unless I can offer constructive alternatives.
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>