Google Summer of Code 2014
1 view
Skip to first unread message
Simon Bennetts
Feb 26, 2014, 8:48:37 AM2/26/14
to mozill...@googlegroups.com
I'm delighted to report that there are 2 Zest related GSoC proposals:
- Mozilla - Implement Zest recorder and runner: https://wiki.mozilla.org/Community:SummerOfCode14#Security_Engineering
- OWASP - OWTF Zest support: https://www.owasp.org/index.php/GSoC2014_Ideas#OWASP_OWTF_-_Zest_support
If you are interested in working on either of these projects then please feel free to ask any questions you have on this group.
Simon
Akash Nimare
Mar 4, 2014, 3:05:35 PM3/4/14
to mozill...@googlegroups.com
Hello
I am Akash. I am interested in building the add-on. I am familiar with a Firefox add-on but not the zest scripts. Can you please guide me so that I can start work on that.
Here is my github profile
Front-end work
All other projects
Simon Bennetts
Mar 5, 2014, 4:32:09 AM3/5/14
to mozill...@googlegroups.com
Hi Akash,
Great to hear from you.
The best way to get started is to have a look at these links:
Great to hear from you.
The best way to get started is to have a look at these links:
- https://developer.mozilla.org/en-US/docs/zest
- https://github.com/mozilla/zest
- https://blog.mozilla.org/security/2014/01/20/reporting-web-vulnerabilities-to-mozilla-using-zest/
Its also well worth having a look at my talk at AppSec USA last year - the Zest part starts here: https://www.youtube.com/watch?v=pYFtLA2yTR8&t=23m47s
I would also recommend downloading and playing with OWASP ZAP as that allows you to create and run Zest scripts graphically: http://code.google.com/p/zaproxy/wiki/Downloads?tm=2
We do know that the documentation could be better, so please ask any questions you have on this list.
Many thanks,
Simon
Akash Nimare
Mar 5, 2014, 11:59:18 AM3/5/14
to mozill...@googlegroups.com
Okay. Looking at all the resources :)
Akash Nimare
Mar 6, 2014, 12:33:52 PM3/6/14
to mozill...@googlegroups.com
Sir
I have seen all your resources and played with the ZAP.What should be the next step now?
Thanks :)
Simon Bennetts
Mar 6, 2014, 12:38:39 PM3/6/14
to mozill...@googlegroups.com
The timeline is described here: http://www.google-melange.com/gsoc/events/google/gsoc2014
Right now we're in the 'Interim period' - thats your chance to discuss the project with us.
But you need to drive this - what would you like to know?
Cheers,
Simon
Right now we're in the 'Interim period' - thats your chance to discuss the project with us.
But you need to drive this - what would you like to know?
Cheers,
Simon
Akash Nimare
Mar 6, 2014, 1:04:01 PM3/6/14
to mozill...@googlegroups.com
I have played with the zest scripts but now i want to get start to build the add-on. I want to know that do we have to implement all the stuffs which is doing by ZAP in our add-on?
I mean basically we have to make a GUI for this and which is without using zap.Am i going right?
Simon Bennetts
Mar 7, 2014, 5:38:31 AM3/7/14
to mozill...@googlegroups.com
I dont think you have to implement everything that ZAP does.
ZAP uses Zest as a macro language, so not everything it does will be relevant in Firefox.
Being able to record and rerun Zest scripts would be a good start.
Editing them would be the next step.
You dont have to display and edit Zest scripts the way ZAP does.
Obviously I think its a good way to display them, but if you can think of a better way then feel free to suggest it :)
ZAP uses Zest as a macro language, so not everything it does will be relevant in Firefox.
Being able to record and rerun Zest scripts would be a good start.
Editing them would be the next step.
You dont have to display and edit Zest scripts the way ZAP does.
Obviously I think its a good way to display them, but if you can think of a better way then feel free to suggest it :)
Akash Nimare
Mar 7, 2014, 5:50:39 AM3/7/14
to mozill...@googlegroups.com
Now it's clear.
Reply all
Reply to author
Forward
0 new messages