What would you like from ZAP in 2018?


psiinon

Jan 5, 2018, 9:28:22 AM
to zaprox...@googlegroups.com, OWASP ZAP Developer Group
We are in the process of planning what we would like to achieve in 2018.
And as part of that it would be really great to have your input - so what would you like us to focus on?

I cant promise that we will actually work on the things you suggest, but we'll definitely take them into account ;)
As an open source project we rely on volunteers, and volunteers can choose what they do.
But we can also encourage students to work on specific projects, eg through initiatives like Google Summer of Code, so if we know that a lot of you really want something that the core team cant focus on right now then we can still propose those as ideal student projects.
And, of course, if you would also be able to work on some of the things you suggest then please let me know. We always do our best to support people who would like to work on ZAP.

Many thanks,

Simon

--
OWASP ZAP Project leader

Ailton Caetano

Jan 5, 2018, 10:28:53 AM
to zaproxy-develop, zaproxy-users
Hi Simon,

  I think that the issues that harm ZAP the most are the ones that hamper our tests by not allowing us to make certain checks, like the ones referred to in issues #4127 and #4222.
These are the things that actually make me start Burp Suite to continue in my application security assessments.


Regards,

Ailton Caetano


static...@staticeffect.com

Jan 5, 2018, 2:44:52 PM
to OWASP ZAP User Group
I would like to see a more user-friendly, intuitive UI. The pain point of ZAP for me has been trying to figure out how to do things; I feel it discourages new users from using ZAP vs Burp.
Maybe an updated tutorial/how to?

kingthorin+owaspzap

Jan 5, 2018, 4:40:54 PM
to OWASP ZAP User Group
We can absolutely always use more docs, vids, tutorials etc.

Having once upon a time switched from an IBM product to Burp, and then later switching to ZAP, I feel there's always a steep curve. Not to make that an excuse, but more to provide perspective.

Javi D R

Jan 8, 2018, 5:34:15 AM
to OWASP ZAP User Group
A docker image that can be used as a centralised proxy to automate security testing through it. We spoke about that in Blackhat :)

Would be nice to name it as ZaaS! (Zap as a Service)

learner King

Jan 23, 2018, 11:06:20 AM
to OWASP ZAP User Group
More fuzz payload replacement strategies, like the Burp Intruder attack types.

On Friday, January 5, 2018 at 10:28:22 PM UTC+8, Simon Bennetts wrote:

sbzo sbzo

Feb 12, 2018, 9:33:46 PM
to OWASP ZAP User Group
Hi,

I'd like to see the following in ZAP proxy (it's like a Christmas list):
  • Unify the request and response tabs into one, because when I use the requester I have to deal with two request panels.
  • I would really like it if, when I change to the history pane, the focus were on the last selected request, so I don't have to use the mouse or more than 3 tabs to get there :)
  • The possibility of creating multiple injections in the fuzzer and being able to define their behaviour (I mostly use it to select many entry points and test them one by one using the same payload).
  • A full set of layout access-key shortcuts.
Thank you very much to all the developers, and especially Simon, for taking the time to keep developing this project. It is never enough to thank everyone for their time and work.

Best regards,

RLobo.

Nitin Sharma

Feb 20, 2018, 5:12:08 AM
to OWASP ZAP User Group
I would like to see a full fledged automated docker image to move on with DevOps practice for automated security assessments. Would love to see python making it easier. I believe there is a lot of possibility with ZAP and DevSecOps. 

kingthorin+owaspzap

Feb 20, 2018, 10:49:28 AM
to OWASP ZAP User Group
What is missing from the existing docker images and python scripts?

john mas

Feb 28, 2018, 7:31:10 AM
to zaprox...@googlegroups.com
Hi,

Ability to have multiple listeners would be appreciated :)

On Tue, Feb 20, 2018 at 5:49 PM, kingthorin+owaspzap <kingt...@gmail.com> wrote:
What is missing from the existing docker images and python scripts?


Simon Bennetts

Feb 28, 2018, 7:40:30 AM
to OWASP ZAP User Group
Listeners on multiple hosts and ports?
We already have that in 2.7.0 :D
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsLocalproxy

Ailton Caetano

Feb 28, 2018, 7:44:56 AM
to zaproxy-users
But we already have that!

[inline image 1]


Regards,

Ailton Caetano

john mas

Feb 28, 2018, 8:44:46 AM
to zaprox...@googlegroups.com
Apologies!
I guess I missed that (just updated to 2.7 quite recently).

Do we also have the ability to redirect each port to a different destination port?
I'm asking based on thick client testing that requires that and other things to be properly intercepted.


thc...@gmail.com

Mar 1, 2018, 4:35:13 AM
to zaprox...@googlegroups.com
That option does not allow doing that directly, but one can use
an HTTP Sender script to rewrite the requests/responses.

Best regards.

On 28/02/18 13:44, john mas wrote:
> Apologies!
> I guess i missed that (just updated to 2.7 quite recently)
>
> Do we also have the ability to redirect each port to a different
> destination port?
> I'm asking based on thick client testing that requires that and other
> things to be properly intercepted.
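The per-port redirect asked about above, written as an HTTP Sender script of the kind thc... suggests. This is an added example, not code from the thread or from the ZAP project; it assumes ZAP's documented script hooks `sendingRequest`/`responseReceived`, `msg.getRequestHeader().getURI()`/`setURI()`, and the Nashorn `Java.type()` bridge, and the port mapping itself is constructed for illustration.

```javascript
// Constructed mapping: destination port the client dialled -> port the
// test instance actually listens on (e.g. a thick client hard-wired to 8443).
var PORT_MAP = { 8443: 9443, 8080: 9080 };

// Pure rewrite rule, kept separate from the ZAP hook so it can be unit-tested
// outside ZAP. Returns the rewritten URL, or null when no rule applies.
function rewriteUrl(scheme, host, port, escapedPathQuery, portMap) {
  var target = portMap[port];
  if (target === undefined || target === port) {
    return null;
  }
  return scheme + "://" + host + ":" + target + (escapedPathQuery || "/");
}

// ZAP calls this hook for every request it is about to send (assumed API).
function sendingRequest(msg, initiator, helper) {
  var header = msg.getRequestHeader();
  var uri = header.getURI(); // org.apache.commons.httpclient.URI (assumed)
  var port = uri.getPort();  // -1 when the URL carries no explicit port
  if (port === -1) {
    port = uri.getScheme() === "https" ? 443 : 80;
  }
  var rewritten = rewriteUrl(uri.getScheme(), uri.getHost(), port,
                             uri.getEscapedPathQuery(), PORT_MAP);
  if (rewritten !== null) {
    var URI = Java.type("org.apache.commons.httpclient.URI");
    header.setURI(new URI(rewritten, true)); // true: string is already escaped
    // The Host header is deliberately left as the client sent it, so the
    // server still sees the name the thick client expects.
  }
}

// Nothing needs rewriting on the way back for a plain port redirect.
function responseReceived(msg, initiator, helper) {
}
```

Load it under Scripts > HTTP Sender in ZAP and enable it; requests to a port not listed in the map pass through untouched.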

john mas

Mar 6, 2018, 6:08:03 AM
to zaprox...@googlegroups.com
Thanks!

Is there also something for Java Serialization?


jessica ingrassellino

Mar 6, 2018, 11:29:14 PM
to OWASP ZAP User Group
Hello There! I'd like to see (and help contribute to) a solid experience for those starting out with the tool. I have difficulty trying to find out how to do things that seem "basic" but may not be to those entering into security space for the first time. Since I am venturing into this from the beginning, having used the product for some minor scripts almost two years ago, I would be willing to contribute to more robust beginning docs if that is seen as a general need among the user community. Just let me know. I really love this project! This year, my goal is to become proficient in my understanding.

Simon Bennetts

Mar 7, 2018, 4:16:26 AM
to OWASP ZAP User Group
Hi Jessica,

I completely agree, 'getting started' docs for people new to security testing would be very useful.
And someone like yourself would be in a much better position to suggest what we need than those of us who've been working in security for a while now :)
We (the ZAP core team) can definitely help with the content, but the topics and the level of the docs should really be set by people new to ZAP.
I'll start another thread on this group so we don't hijack this one :)

Many thanks,

Simon

Alessandro Pezzè

Mar 15, 2018, 7:05:03 AM
to OWASP ZAP User Group
Is this configurable through APIs?


On Wednesday, 28 February 2018 13:44:56 UTC+1, Ailton Caetano wrote:
But we already have that!

thc...@gmail.com

Mar 15, 2018, 7:11:51 AM
to zaprox...@googlegroups.com
Yes, it's possible to configure that with the "localProxies" API endpoints.

Best regards.

On 15/03/18 11:05, Alessandro Pezzè wrote:
> Is this configurable through APIs?