[Owasp_project_leader_list] ZAP planned features

psiinon psiinon at gmail.com
Thu Apr 24 16:46:41 UTC 2014


As you're all hopefully aware, ZAP 2.3.0 has just been released.

And as ZAP is a Flagship project and the most active OWASP tool I thought
I'd let you all know the major features that we're now working on for
future releases.

If you think these are not the right lists for this sort of announcement
then feel free to flame me on or off list ;)

The main features we are working on are:

   - Client side scanning, a framework for scanning all common browsers as
   well as a POC DOM XSS scan rule
   - Advanced fuzzing components, including the ability to scan multiple
   components
   - Advanced access control testing, including the detection of horizontal
   and vertical access control issues
   - SOAP Service scanning, including WSDL parsing and web service specific
   scan rules
   - Sequence scanning, allowing ZAP to scan parameters of pages that can
   only be accessed via set sequences
   - Sequence detection, the automated detection of pages that can only be
   accessed via set sequences

Most of these changes are being implemented by students, either as part of
Google Summer of Code 2014 or as part of their master's degrees. This is
great news and something I really want to support and encourage.
So if you're a student (or know one) who needs to work on a project as part
of your degree and fancy contributing to ZAP then please get in touch!

We don't have a date for 2.4 yet, we'll release it when it's ready. The
contents may (and probably will;) vary.

If you'd like any more info about any of these enhancements then feel free
to contact me directly or head over to the ZAP Developer
group <http://groups.google.com/group/zaproxy-develop>.

Cheers,

Simon
-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader