OWASP Too Many Software Projects?


kingt...@gmail.com

Feb 17, 2014, 11:36:34 AM
to zaproxy...@googlegroups.com
Is it just me or is there another OWASP software project in every OWASP Connector that comes out?

ZAP
O-Saft
Xenotix
Mantra
etc

Is there any way we could convince a bunch of these to just contribute/integrate with ZAP? I'm not overly familiar with all of them but it seems to me that at least O-Saft and Xenotix could be brought into the fold. Increasing ZAP coverage and distribution/use of other OWASP Software Projects....

psiinon

Feb 17, 2014, 11:47:48 AM
to zaproxy...@googlegroups.com
Ha!

I must admit I often wonder whether some OWASP projects would be better off as ZAP add-ons.
ZAP is intended to be a framework which people can build on, and I have contacted a few project leaders to suggest this.

However I'm also aware that there are many good reasons why people might want to create their own tools from scratch.

Do you fancy starting such a discussion on the OWASP leaders list?
I _could_ but I think it would sound better coming from someone else ;)

Cheers,

Simon

kingt...@gmail.com

Feb 17, 2014, 2:41:55 PM
to zaproxy...@googlegroups.com
Sure, I'll join the list and post something tomorrow.

I assume you mean this list?
https://lists.owasp.org/mailman/listinfo/owasp-leaders


kingt...@gmail.com

Feb 19, 2014, 8:31:03 AM
to zaproxy...@googlegroups.com
So I'm in the process of trying to get this to happen. I joined the list, did the confirmation step, but now I'm not able to log in to mailman and change my options (gives me auth failed). Thinking maybe I somehow managed to "fat finger" my initial password entry (twice), I requested my password from mailman but it hasn't come through. Perhaps there's some sort of administrative thing that needs to be done on the back-end before I'm actually part of the list? I dunno anyway....it's a work in progress :)

kingt...@gmail.com

Feb 25, 2014, 12:41:20 PM
to zaproxy...@googlegroups.com
Still not having any luck with this, I've emailed the list owner and Kate in an attempt to get things ironed out.

kingt...@gmail.com

Mar 3, 2014, 9:06:47 AM
to zaproxy...@googlegroups.com
Sadly I'm going to have to give up on this. I still don't have access to the list and haven't heard back from Kate.

Simon, feel free to start a thread in there and reference this post. I'm sure if we polled ZAP users they'd be more than happy to see greater integration/support.

psiinon

Mar 3, 2014, 9:13:27 AM
to zaproxy...@googlegroups.com
No worries ;)

My plan is to start a series of blog posts to help people get started contributing to ZAP.
The first one will probably be some reasons why people might want to contribute.
I'll definitely include arguments why ZAP might be a better alternative to starting a new project, and post it to the OWASP leaders group (and link to this thread as you suggested) for comment.

Cheers,

Simon

kingt...@gmail.com

Mar 19, 2014, 9:31:54 AM
to zaproxy...@googlegroups.com
According to the latest OWASP Connector emailing, OWASP has adopted a SQLi scanner project which is in the process of porting Perl to Python (https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project). Why not try to bring that on-board if they're porting anyway.....

psiinon

Mar 19, 2014, 9:45:47 AM
to zaproxy...@googlegroups.com
I'll try.
There are no contact details so I'll just have to join their list.
I emailed the OWASP leaders about the Hacking ZAP series http://lists.owasp.org/pipermail/owasp-leaders/2014-March/011032.html with the suggestion that people could integrate with ZAP, but no responses :(

Cheers,

Simon

kingt...@gmail.com

Mar 19, 2014, 11:28:46 AM
to zaproxy...@googlegroups.com
Thanks Simon, sorry to hear you're not getting any feedback but I DO definitely think it's worth trying/pushing.

Let me (or well the group) know if there's anything we can do to help or influence....

kingthorin+owaspzap

Aug 26, 2014, 7:56:45 AM
to zaproxy...@googlegroups.com
Based on something like:
http://w3af.org/dont-write-your-own-web-application-security-scanner

Could we encourage whoever writes the "Connector" to pose some questions to new project leads:
  • "Have you considered adding this functionality to an existing OWASP project?"
  • "Why does this need to be a separate project?"
  • "Wouldn't your idea lmnop benefit from existing functionality/framework in OWASP project xyz?"

That last one may be a stretch as they'd have to be at least somewhat familiar with all the tool projects, but still....

Is there any feedback or approval loop for new Tool projects? Or can anyone just hit the wiki and start something?

psiinon

Aug 26, 2014, 12:49:18 PM
to zaproxy...@googlegroups.com