OWASP Too Many Software Projects?

OWASP Too Many Software Projects? kingthorin+owaspzap 2/17/14 8:36 AM
Is it just me or is there another OWASP software project in every OWASP Connector that comes out?

ZAP
O-Saft
Xenotix
Mantra
etc

Is there any way we could convince a bunch of these to just contribute/integrate with ZAP? I'm not overly familiar with all of them but it seems to me that at least O-Saft and Xenotix could be brought into the fold. Increasing ZAP coverage and distribution/use of other OWASP Software Projects....
Re: OWASP Too Many Software Projects? psiinon 2/17/14 8:47 AM
Ha!

I must admit I often wonder whether some OWASP projects would be better off as ZAP add-ons.
ZAP is intended to be a framework which people can build on, and I have contacted a few project leaders to suggest this.

However I'm also aware that there are many good reasons why people might want to create their own tools from scratch.

Do you fancy starting such a discussion on the OWASP leaders list?
I _could_ but I think it would sound better coming from someone else ;)

Cheers,

Simon
Re: OWASP Too Many Software Projects? kingthorin+owaspzap 2/17/14 11:41 AM
Sure I'll join the list and post something tomorrow.

I assume you mean this list?
https://lists.owasp.org/mailman/listinfo/owasp-leaders


Re: OWASP Too Many Software Projects? kingthorin+owaspzap 2/19/14 5:31 AM
So I'm in the process of trying to get this to happen. I joined the list, did the confirmation step, but now I'm not able to log in to mailman and change my options (gives me auth failed). Thinking maybe I somehow managed to "fat finger" my initial password entry (twice) I requested my password from mailman but it hasn't come through. Perhaps there's some sort of administrative thing that needs to be done on the back-end before I'm actually part of the list? I dunno anyway....it's a work in progress :)
Re: OWASP Too Many Software Projects? kingthorin+owaspzap 2/25/14 9:41 AM
Still not having any luck with this, I've emailed the list owner and Kate in an attempt to get things ironed out.
Re: OWASP Too Many Software Projects? kingthorin+owaspzap 3/3/14 6:06 AM
Sadly I'm going to have to give up on this. I still don't have access to the list and haven't heard back from Kate.

Simon feel free to start a thread in there and reference this post. I'm sure if we polled ZAP users they'd be more than happy to see greater integration/support.
Re: OWASP Too Many Software Projects? psiinon 3/3/14 6:13 AM
No worries ;)

My plan is to start a series of blog posts to help people get started contributing to ZAP.
The first one will probably be some reasons why people might want to contribute.
I'll definitely include arguments why ZAP might be a better alternative to starting a new project, and post it to the OWASP leaders group (and link to this thread as you suggested) for comment.

Cheers,

Simon


On Monday, 3 March 2014 14:06:47 UTC, kingt...@gmail.com wrote:
Sadly I'm going to have to give up on this. I still don't have access to the list and haven't heard back from Kate.

Simon feel free to start a thread in there and reference this post. I'm sure if we polled ZAP users they'd be more than happy to see greater integration/support.
Re: OWASP Too Many Software Projects? kingthorin+owaspzap 3/19/14 6:31 AM
According to the latest OWASP Connector emailing, OWASP has adopted a SQLi scanner project which is in the process of porting perl to python (https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project). Why not try to bring that on-board if they're porting anyway.....
Re: OWASP Too Many Software Projects? psiinon 3/19/14 6:45 AM
I'll try.
There are no contact details so I'll just have to join their list.
I emailed the OWASP leaders about the Hacking ZAP series http://lists.owasp.org/pipermail/owasp-leaders/2014-March/011032.html with the suggestion that people could integrate with ZAP, but no responses :(

Cheers,

Simon


On Wednesday, 19 March 2014 13:31:54 UTC, kingt...@gmail.com wrote:
According to the latest OWASP Connector emailing, OWASP has adopted a SQLi scanner project which is in the process of porting perl to python (https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project). Why not try to bring that on-board if they're porting anyway.....
Re: OWASP Too Many Software Projects? kingthorin+owaspzap 3/19/14 8:28 AM
Thanks Simon, sorry to hear you're not getting any feedback but I DO definitely think it's worth trying/pushing.

Let me (or well the group) know if there's anything we can do to help or influence....
Re: OWASP Too Many Software Projects? kingthorin+owaspzap 8/26/14 4:56 AM
Based on something like:
http://w3af.org/dont-write-your-own-web-application-security-scanner

Could we encourage whoever writes the "Connector" to pose some questions to new project leads:
  • "Have you considered adding this functionality to an existing OWASP project?"
  • "Why does this need to be a separate project?"
  • "Wouldn't your idea lmnop benefit from existing functionality/framework in OWASP project xyz?"

That last one may be a stretch as they'd have to be at least somewhat familiar with all the tool projects, but still....

Is there any feedback or approval loop for new Tool projects? Or can anyone just hit the wiki and start something?

Re: OWASP Too Many Software Projects? psiinon 8/26/14 9:49 AM