Hi folks,We already have some ZAP automation tasks (managed by ZAPbot: http://zapbot.github.io/zap- mgmt-scripts/index.html), doing things like:
- Submitting PRs from Crowdin
- Gathering stats
- Running ZAP against wavsep and wivet
However they are running on VMs that only I can access, and as a result they are very hard for the ZAP team as a whole to manage.I think it would be better if they were migrated to something like Google Cloud Kubernetes Engine - that should be pretty cheep and in any case we have money in the budget to pay for things like that.I'd also like to expand the automation to test ZAP against even more vulnerable web apps, such as the OWASP Benchmark.Unfortunately the ZAP core team are all _really_ busy trying to get 2.8.0 released :/So .. does any one here fancy giving us a hand?You don't need to know java, although some limited python experience would help.You also dont have to be a ZAP expert user either, we can definitely advise with that side.It would be a good opportunity to play around with some relatively new tech, learn more about ZAP automation and of course to help us out :)Many thanks,Simon
On Sun, Dec 30, 2018 at 1:00 PM, Aidan Feldman<aidan....@gmail.com> wrote:
I'm interested! Is there a good small sub-project to start with?
On Wednesday, November 14, 2018 at 6:15:40 AM UTC-5, psiinon wrote:
Hi folks,We already have some ZAP automation tasks (managed by ZAPbot: http://zapbot.github.io/zap- mgmt-scripts/index.html), doing things like:
- Submitting PRs from Crowdin
- Gathering stats
- Running ZAP against wavsep and wivet
However they are running on VMs that only I can access, and as a result they are very hard for the ZAP team as a whole to manage.I think it would be better if they were migrated to something like Google Cloud Kubernetes Engine - that should be pretty cheep and in any case we have money in the budget to pay for things like that.I'd also like to expand the automation to test ZAP against even more vulnerable web apps, such as the OWASP Benchmark.Unfortunately the ZAP core team are all _really_ busy trying to get 2.8.0 released :/So .. does any one here fancy giving us a hand?You don't need to know java, although some limited python experience would help.You also dont have to be a ZAP expert user either, we can definitely advise with that side.It would be a good opportunity to play around with some relatively new tech, learn more about ZAP automation and of course to help us out :)Many thanks,Simon
I'm interested in this and willing to help. Since we use zap heavily on our testing want to contribute.
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-develop/1f29bd0b-b88b-468b-b12f-1cef913e5df5%40googlegroups.com.