ZAP evangelists - Meet up - Videos for evangelizing Devs


johanna curiel curiel

Sep 11, 2018, 10:03:31 AM9/11/18
to Amit Kulkarni, OWASP ZAP Evangelists Group
Hi All,


I'll be presenting how to use ZAP for testing a modern API that has not been secured, and then secured using Spring Security & Angular.

The idea is to show certain vulnerabilities that can be easily caught, how to fix them in the code using Spring, and test again using ZAP.

I'll be creating videos on this.

If you guys know peeps in the Amsterdam area, please let them know.

Cheers

On Mon, Sep 10, 2018 at 10:14 AM, Amit Kulkarni <amitsk...@gmail.com> wrote:
Hi Simon,

Agree, to add or mention the "low hanging fruits" ZAP can find.
Also, I would like to add - update the doc and mention clearly to pass the "API Key Parameter" for any API calls. A lot of import errors will get resolved on group threads :)

Regards,
Amit


On Wednesday, 15 August 2018 20:14:08 UTC+8, Omer Levi Hevroni wrote:
I feel the same - I find it hard to explain to people what ZAP can find. The list of rules is not always easy to find, or clear enough. The mapping to the Top 10 is a great start; I think what is missing is an updated list of all the potential issues ZAP can find.

On Thu, Aug 9, 2018 at 12:59 PM psiinon <psi...@gmail.com> wrote:
Thanks Johanna - I think that this is a great way to use ZAP, and we should def improve our documentation around this.
Looking forward to your doc :)

Cheers,

Simon



On Thu, Aug 9, 2018 at 10:56 AM, johanna curiel curiel <johanna...@owasp.org> wrote:
Hi Simon

I'm trying to introduce ZAP as a tool that developers can use to "catch low hanging fruits"; I had a meetup in Amsterdam recently with this attempt.
But as I went along with my dev colleagues, many need to understand what the low hanging fruits are and how to use ZAP for this purpose, which can be quite different from pen testing: such as using a secure software development lifecycle and catching the low fruits before the pen testers do. I noticed many developers and testers found this idea very appealing because they want to deliver quality, most especially when a company is really into using a Secure SDLC. Let's say it is more about security testing, which is not equal to pen testing.

I'm working on a doc for this purpose and I'll share it through the OWASP wiki.

Cheers



On Sat, Aug 4, 2018 at 10:03 AM, Simon Bennetts <psi...@gmail.com> wrote:
Hey evangelists,

Thank you for your continued support for ZAP - it really means a lot to us.

I have just one question for you right now...

What could we do to make ZAP better for the people you are evangelizing to?

It could be big things, small things, new features, improved existing ones, specific bug fixes, better docs, whatever you think will make the most difference.
Feel free to reply to this thread or email me directly.
And remember that you don't actually need to wait to be asked - the feedback you can give us about ZAP is really useful, so let us know whenever you have some!

Many thanks,

Simon

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Evangelists Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-evangelists+unsubscribe...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Johanna Curiel 
OWASP Volunteer



--
OWASP ZAP Project leader




--
Johanna Curiel 
OWASP Volunteer