[WEB SECURITY] open source tools is not as good as imaged

psiinon psiinon at gmail.com
Mon Jun 6 02:38:34 EDT 2011


Hi Andre,

Yes, we intend to improve ZAP in all these areas :)
Regarding exporting data, the next version (which will be released very
soon) will provide an API that supports JSON, XML and HTML, and we'll do our
best to ensure that ZAP plays well with other applications with more changes
in future releases.

Psiinon

On Sun, Jun 5, 2011 at 11:42 PM, Andre Gironda <andreg at gmail.com> wrote:

> On Sun, Jun 5, 2011 at 8:31 AM, psiinon <psiinon at gmail.com> wrote:
> > Have you tried the OWASP Zed Attack Proxy -
> > https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project?
> > It is open source and completely free (there is no paid-for 'pro' version).
> > It's also intended to be a community project - so we encourage involvement.
> > If you submit good quality code then you'll get commit access :)
> > Psiinon - OWASP ZAP Project Lead.
>
> Any intent to improve the wavsep.googlecode.com or
> wivet.googlecode.com results from ZAP?
>
> ZAP scores worse than both Andiparos and Paros on SQLi categories, and
> worse than most tools in other categories when run against WAVSEP.
> It's also one of the worst crawlers, as seen in its WIVET results.
>
> Many tools such as W3AF can export their findings as XML (and their
> request data as HTML, Ajax, Ruby, Python), which can be imported into The
> Dradis Framework (which outputs its own XML, or to HTML, Word, or
> Mediawiki). Burp Pro Scanner can export its data as XML and HTML, and
> so does the "analyse target" tool -- plus you can save
> request/response data in Repeater and store session files that contain
> this data. Fiddler can save a SAZ file full of request/response data
> and export as a variety of Microsoft Internet Explorer and Visual
> Studio XML formats. Do you have any plans to make ZAP more extensible
> in these ways?
>