Hi Maran,
Awesome. There are 2 roads we can take here:
- Focus on functionalities (as you already have presented in the chapters)
- Focus on how to test specific vulnerabilities with ZAP features ==> ZAP use cases
I think if we would like users and first-time users to understand how they can use ZAP on both fronts, I thought about examples on how to test for specific vulnerabilities (SQL injection, XSS, etc.) and in this way they also understand how the functionalities and features work.
For the part of writing scripts, I would like to include a set of scripts targeted to specific vulnerabilities, kind of like the NMAP NSE scripting engine, with a special package for vulnerability scripts written in Zest.
I contacted Bill Sempf, who is an experienced book author, and he provided us some advice, even to put us in contact with Wiley publishers ;-). The advantage of publishers is promotion, but we get a lot less from this deal.
If we go and publish directly through Amazon, for example, we can get more of a cut, but we have all the editor work on our hands. Since it is not only about the money but promoting ZAP and helping users, I think we could try and talk with Wiley publishers.
This book can be offered at conference talks by Simon or the evangelists ;-). Also, for training courses it will be ideal. So I think the book can have a positive impact, spreading ZAP's image and further use of the tool.
Commitment is necessary. I'm willing to dedicate the coming 6 months of my entire spare time to make this book happen, and to get credit on the book I expect no less hard work, whether reviewing it or working on some chapters ;-).
Keep in mind that by the time we publish, some sections could be outdated, therefore we need to focus on explaining those features that most likely won't change drastically in the coming 6 months.
Regards
Johanna