Google Summer of Code 2104


psiinon

Feb 4, 2014, 10:15:24 AM
to zaproxy...@googlegroups.com
Yes, it's that time of year again!
As you hopefully know, ZAP has taken part in GSoC for the last 2 years: 2012 and 2013.

I've just added a new page on the ZAP wiki for 2014 proposals.

Please add any proposals you have to this page, or post them here.
Offers of mentorship also gratefully received.

Some of the most powerful ZAP features have been added by GSoC students, so I'm really keen for us to make the most of this great opportunity again!

Cheers,

Simon

psiinon

Feb 11, 2014, 5:00:17 AM
to zaproxy...@googlegroups.com
I've added some more details to http://code.google.com/p/zaproxy/wiki/GSoC2014

Any other suggestions?
Anyone fancy being a ZAP mentor?

Cheers,

Simon

psiinon

Mar 7, 2014, 6:35:02 AM
to zaproxy...@googlegroups.com
For any students thinking of applying to work on ZAP for GSoC 2014, the application period starts on March 10th and closes on March 21st.
However you can get in touch with us at any time, as many of you have :)
We have some suggested projects here: https://www.owasp.org/index.php/GSoC2014_Ideas#OWASP_ZAP but you are free to suggest your own ideas.

I'm very happy to review your proposals before you submit them, but I will have limited availability between March 13th and 18th.
So if you'd like any feedback from me then the sooner you ask for it the better ;)


Cheers,

Simon


Mostafa

Mar 13, 2014, 9:34:06 AM
to zaproxy...@googlegroups.com
Hi, how can we apply for the GSoC2014?

psiinon

Mar 14, 2014, 4:29:17 AM
to zaproxy...@googlegroups.com

https://www.google-melange.com/gsoc/homepage/google/gsoc2014

Sorry for the short reply - I'm currently away with limited internet access ;)

Simon


Lindsay Simpkins

Mar 19, 2014, 10:46:19 PM
to zaproxy...@googlegroups.com
Hi, I'm Lindsay Simpkins, a graduate student at North Carolina A&T State University. I'm working on a MS in Computer Science, specifically the Secure Software Engineering program. I hadn't heard of ZAP before looking into GSoC, but it looks like a more comprehensive tool than the ones we used in our Software Security Testing course, and will be recommending it to my professor. Software security is fascinating, and I would love the chance to get involved in this.

The Advanced Access Control Testing project sounded really interesting to me, though I have a few questions. After doing some research, I found that this project is an extension of a GSoC project from last summer: Enhanced HTTP Session Handling. How far along did that get? It looks like the project was supposed to show a site tree for each session, which is similar to the goal for this project of having a site tree by role. Will this project be building off last year's project and just change the display of the site tree under the spider functionality? Or is this supposed to be a new function/tab where you can input several accounts at different role levels, have it spider each session, and then display the trees from each role (plus the other functionality mentioned for the project)?

In the source code I can see several files from the project under zap/session, but can't tell if they are used elsewhere. I could see that zap/spider/Spider.java uses the zap/users/User.java file, and also that the zap/users/Role.java file is basically empty.

~Lindsay

psiinon

Mar 20, 2014, 5:41:31 AM
to zaproxy...@googlegroups.com
Hi Lindsay,

Good to hear from you :)
Cosmin's GSoC project from 2013 added user support to ZAP and made significant improvements to the ZAP authentication handling, including adding support for authentication scripts. Well, some of that was implemented after the end of GSoC as Cosmin carried on contributing throughout the year - he's now one of the core ZAP developers.
The changes to the sites tree were planned for that project but got pushed out to allow more powerful features to be added - it's not unusual for the scope of GSoC projects to change as they progress.
This project would build on his work, which has touched many parts of the source code, but especially the packages:

I would really like this project to allow the user to see the sites tree based on different users, ideally showing the differences between them. It should provide both automated tests for finding access control problems and tools to help manual testing.

Anything else I can help with?

Cheers,

Simon

Lindsay Simpkins

Mar 20, 2014, 6:40:46 PM
to zaproxy...@googlegroups.com
That should be enough information to create a more detailed proposal.

Thanks!